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the reality is that mainstream business adoption is several 
years away. Web services hold the key. PAGE 29 


Microsoft CEO Promises 
Better ‘Patch Experience’ 


that the company is working 
on to improve the patch man- 
| agement process, provide 


Ballmer details plan 
for streamlined patch 


management, training | 


| users secure their systems, 


BY CAROL SLIWA 
NEW ORLEANS 
During a keynote speech at 
last week’s Microsoft World- 
wide Partner Confer- 
ence here, Steve Ball- 
mer didn’t shy away 
from discussing the 
security woes that 
have beset his compa- 
ny and its customers. 
On the contrary, Microsoft 
Corp.’s CEO addressed the is- 
sue head-on and outlined a set 
of new and updated initiatives 


guidance and training to help 


and make the vendor’s prod- 


| ucts more resistant to attack. 


Partners welcomed the 


| news and cheered loudly 


INSIDE 


Microsoft discloses 

Web services man- 

agement strategy. 
Page 16 


when Ballmer told 
them that by May 
2004, there will be 
one place on the com- 


all patches for all Mi- 


| crosoft products will be avail- 


able. The new Microsoft Up- 

date will complement the ex- 

isting Windows Update. 
“This will just simplify 


pany’s Web site where | 
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things,” said Mitchell Rubin, 
president of Lynx Consulting 
Group in Springfield, Pa. 


“Now I go to Windows Update 


for patches, and I have to go to 
a different site for Office.” 
Ballmer also set a May 2004 
deadline for the single “patch- 
ing experience” that the com- 
pany has pledged will replace 
its multiple patching systems. 


Patches, page 16 


Military Orders Suppliers 
To Use RFID Technology 


Radio frequency tags 
required on pallets, 
cases by start of 2005 


BY BOB BREWIN 

The U.S. Department of De- 
fense last week said it will re- 
quire all of its suppliers to put 
radio frequency identification 


_| tags on their shipping pallets 
2| and cases by January 2005, a 


mandate that likely will have 
an even bigger im- 
pact than a similar 
move by Wal-Mart 
Stores Inc. in June. 
The endorsements 
of RFID technology [Rw 
by the Pentagon and 
the retail giant are expected to 
force product manufacturers 
and distributors to make big 
investments in their IT infra- 
structures over the next 15 
months. 
The Defense Department’s 
new policy will cover virtually 
everything bought by the U.S. 


air 
RFID coverage, 
PS ets 


military, from beans to bullets 
and from toothpaste to tank 
parts. The so-called passive 
RFID tags will be used to track 
the movements of about 45 
million line items, said Alan 
Estevez, assistant deputy un- 
dersecretary of Defense for 


| supply chain integration. 


Estevez couldn’t quantify 
the number of suppliers that 
will be affected by the RFID 
policy, which was set out in 
a document signed 
by Michael Wynne, 
the acting under- 
secretary of Defense 
for logistics. But the 
Defense Logistics 
Agency, which 
bought an estimated $24 bil- 
lion worth of goods last year, 
currently does business with 
23,642 suppliers, according to 
a spokeswoman. 

Like Wal-Mart, which is re- 
quiring its top 100 suppliers to 
adopt RFID [QuickLink 39181], 

RFID Tags, page 55 


A Question of Ethics 


Recent controversies surrounding the 
credibility of IT market reports and 


how they’re funded have put research 

firms on the defensive. IT pros who 
rely on the reports for making purchasing decisions 
and formulating IT strategies are demanding more 
transparency. In this special report, Thomas Hoffman 
looks into the ethics policies of major research firms 
and IT managers’ expectations. SEE PAGE 4 


ONLINE EXCLUSIVE 


Senior executives from six top market research firms explain 


their positions on 


research sponsored by a single 


conducting 
vendor. €> QuickLink 42037 = www.computerworld.com 
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| Introducing Microsoft Windows Server 2003. Do more with less. 


You're being asked to do more. You're being asked to do it with less. Microsoft” Windows® Server 2003 is designed to 
help you manage these opposing forces with powerful server consolidation capabilities that increase efficiency, decrease 
man-hours, and lower your total cost of ownership. Download your free evaluation copy of Windows Server 2003 at 
microsoft:com/windowsserver2003 Software for the Agile Business. 


Po Information Resources, Inc. (IRI) manages over 122 terabytes of data to provide consumer behavior insights, advanced analytics, and 
decision analysis tools for some of the largest consumer packaged goods, healthcare, retail, and financial companies in the world. To meet 
increasing demand for faster, more granular business intelligence while reducing costs, IRI is using 64-bit editions of Windows Server 2003 
and SQL Server™ 2000 on an Intel Itanium 2 system to deliver faster answers to its customers. The result? IRI will be able to process more 
queries, using a fraction of the number of servers while realizing significant cost savings and improving customer service. 
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Control. 


Take control of your Internet security. 


Introducing Proventia” Enterprise Protection Products. Just because Internet threats are 
complex, doesn’t mean your security has to be. Finally, a single, unified protection appliance 
that protects more with less, eliminating the cost and chaos of multiple stand-alone security 
products. Proventia™ centrally-managed products range from detection up to completely 
unified and proactive multi-function protection appliances, combining firewall, intrusion 
prevention and anti-virus technologies. Take control of your enterprise security. Switch to 
Internet Security Systems today. 800-776-2362. www.iss.net/takecontrol. 


INTERNET 
SECURITY 
SYSTEMS” 





¥ 





CONTENTS 


7 Ad 


4 é MySQ/ 


- Nays? 


he 


/ [ee 
{ EB a 


i. MySQL Breaks Into the Data Center 

In the Technology section: Critics claim it’s not a 
mature technology, but MySQL is changing the na- 
ture of the database market with a powerful combi- 
nation of low cost and high performance. Page 32 
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Nine-Digit Dilemma 

In the Management section: Some companies must still 
include risk-laden Social Security numbers in their cus 
tomer data, but others can now omit or replace them. 
It’s up to IT to figure out the complex and costly tech- 
nology solutions to the identity theft problem. Page 41 
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SPECIAL REPORT 


Ea) ae ttr Ten ee) 
responding to questions about 
their credibility in light of recent 
rte) les et RE 


IBM extends Tivoli manage- 
ment to zSeries mainframes. 


Siebel tries to soothe users 
with an upgrade of its CRM 
applications and further 
moves to simplify the process 
of integrating its products 
with other systems. 


HP e2000 users are being 
forced to make some difficult 
migration decisions affecting 
their IT infrastructures. 


Chief security officers are 


finding that justifying security 


spending based on fear alone 
no longer flies with senior 
management. 


BEA pitches a model for se- 
curing shared access to Web 
and legacy applications. 


Microsoft discloses that the 
next version of its Microsoft 
Operations Manager will in- 
troduce a set of packages to 
monitor Web services. 


29 Emerging Technologies: 


Grids Extend Reach. 
Grid tech- 

nology is 

catching on in 

scientific and 
engineering 

niches, but it’s still 

years away from being 
used for broader business 
applications. 


35 Future Watch: Megabit 


Mobile. Wireless data ser- 
vices could soon operate at 
dazzling speeds — and that’s 
only part of what lies ahead 
for mobile computing. 


36 Security Manager’s Journal: 


New Job Brings Back Old 
Problems. Vince Tuesday 
gets a new job and discovers 
that, along with the new chal- 
lenges, he’s still dealing with 
many of the ones he encoun- 
tered in his previous position. 


MANAGEMENT 


46 ROI: Selling Security to the 


CFO. An ex-CI0 tells how to 
make a credible business case 
for spending money on IT se- 
curity — with ROI calcula- 
tions that even the toughest 
CFO will buy into. 


OPINIONS 


6 On the Mark: Mark Hall has 


the goods on Fujitsu’s new 
RISC chip and Unix servers. 
And he’s discovered the dif- 
ference between spam and 
honest marketing. 


24 Maryfran Johnson suggests 


for now that you shy away 
from the grid computing 
Kool-Aid being served by 
many leading vendors. 


24 Pimm Fox argues that for 


$139.5 million, the NYSE could 
get a very nice IT alternative 
for its trading floor operations 
and oversight duties. 


David Moschella believes that 
the next frontier of e-com- 
merce standards will be set by 
users, not vendors. 


39 Nicholas Petreley imagines 


how it would go if Sun Micro- 
systems sought professional 
help for its identity crisis. 


48 Bart Perkins says the condi- 


tions are right for the third 
wave of offshore IT outsourc- 
ing to be more successful than 
the first two. 


3 Frankly Speaking: Frank 


Hayes advises you to be care- 
ful about who you let touch 
the wheel that drives IT. 


ONLINE 
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How much do you rely on analyst reports 
before making major IT decisions? 


@ Take this week's QuickPoll at www.computerworld.com. 


MP M NON: 


Outsourcing’s Hidden Costs 

DEVELOPMENT: Offshore outsourcing’s draw- 
backs can outweigh its benefits, warns a CEO 
who has been outsourcing for years. € 41784 


Coping With Privacy Costs 
MANAGEMENT: Complying with privacy regu- 
lations may be expensive, but it’s key to pre- 
venting even more costly legal liabilities, says 
risk management expert Jim West. @ 41890 


U.S. Leads in Online 

Privacy Disclosure 

PRIVACY: U.S. companies are better at dis- 
closing their privacy policies than businesses 
elsewhere, but they still have a ways to go to 
make those policies truly understandable, 
writes columnist Jay Cline. @ 41886 
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agers on his company’s auto- 
nomic computing plan. 
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IBM releases a distributed 
file system to provide storage 
management for multivendor 
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Market Research Providers 
Confront Credibility Concerns 


IT chiefs say they want ethics policies 
and disclosures stated more clearly 





BY THOMAS HOFFMAN 
ECENTLY PUBLISHED 
reports that have 
prompted questions 
about the credibility 

of some market research firms 


| have spurred two of the big- 


gest names in the field to make 
substantial changes to their 
ethics and disclosure policies. 
And that’s a good thing, 
users say. They want to see 
market research firms 
state their ethics poli- 
cies more clearly on 
their Web sites and 
through other distribu- 
tion channels, according to an 


| exclusive Computerworld sur- 
| vey of 133 IT professionals 


that was conducted last week. 
Last month, some IT profes- 


| sionals reacted angrily to a 
| Microsoft-funded report re- 


leased by Cambridge, Mass.- 


| based Forrester Research Inc. 


that concluded that develop- 
ing and deploying Web-based 


Point/Counterpoint 


cain: I'm nat . 
bgt an of 
any of those 
market research 
firms. | don't be- 
lieve them to be 
independent. 


Oe eeresecscoscsecsces 


RUSS LEWIS, 
ClO, GFinet Inc. 


COCO HOHE H HEE HEHE HEHE EH EH ESE OEEEEE EEE EEEE SOSH EEE SHEED 


& | think their 
opinions 
are based on fact 
and not on spon- 
sorship. They're 
Calling the shots 
as they see them. 


JOE PUGLISI, 
C10, Emcor Group Inc. 





NEWS 


portal applications is substan- 
tially less expensive using 
Microsoft technology than it 
is using a Linux/J2EE combi- 
nation [QuickLink 


| 41320). 


Two weeks later, 
the release of an anti- 
Microsoft security 
report led to the fir- 
ing of one of its co- 
authors, who harshly 
criticized the ven- 
dor’s dominance of 
the software industry 
[QuickLink 41691]. 

Interviews with 15 
CIOs last week indi- 
cated that many IT executives 
continue to rely on market re- 
search firms as one compo- 
nent of making product pur- 
chasing decisions or setting 
strategic plans. But some CIOs 
say they have soured on the 
use of market research be- 
cause of credibility concerns, 
high costs and doubts about 
the reports’ value. 

For instance, Russ Lewis 
said he made use of research 
from Forrester and Gartner 
Inc. quite often when he was 
CIO at New York investment 
bank Jefferies & Co. from 1994 
to 1999, But he “found their re- 
search to be somewhat limit- 
ing and narrow in focus,” said 
Lewis, who is now CIO at GFI- 
net Inc., a subsidiary of New 
York-based brokerage services 
provider GFI Group Inc. 

“I’m not a big fan of any of 
those market research firms,” 
Lewis said. “I don’t believe 
them to be independent, and | 
don’t believe their research to 


| be valuable except at a very 
| high level for very large firms.” 


For its part, Forrester is mak- 
ing substantial changes to its 
ethics and disclosure policies 
following the release of the 
Microsoft-sponsored report 
and controversy surrounding 
another recent report that was 
funded by PeopleSoft Inc. 

PeopleSoft had sponsored a 
survey of more than 600 busi- 


__ Forrester ced 
SEORGE ¢ 

“We' re correc 
our processes.” 





ness and IT users that exam- 
pee users’ satisfaction with 
products from several enter- 
prise application vendors, in- 
cluding PeopleSoft, 
SAP AG, Oracle 
Corp. and Siebel 
Systems Inc. People- 
Soft put out a press 
release on Sept. 15 in 
which it boasted that 
it “outscored SAP, 
Oracle, and Siebel in 
the overall ability to 
deliver a superior 
enterprise applica- 
tion ownership ex- 
perience” [Quick- 
Link a3710]. The release attrib- 
uted the findings to “an inde- 
pendent research study com- 
pleted by Forrester Research” 





www.computerworld.com 


but failed to mention that Peo- 
pleSoft had paid for the study. 
Steve Swasey, director of 
corporate public relations at 
PeopleSoft, said there was no 


| point in disclosing the source 


of the funding. “What’s the 
need? The research was objec- 
tive and unbiased,” he said. 
“We would have done the 
same if the research was spon- 
sored by someone else.” 

Allowing PeopleSoft to pub- 
lish the results in the press re- 
lease was a mistake, a Forrester 
spokeswoman said last week. 

In an interview last week, 
Forrester CEO George Colony 
said that the company has tak- 
en steps to “tighten” its inter- 
nal processes and its integrity 
policy. In fact, Forrester “will 
no longer accept projects that 
involve paid-for, publicized 
product comparisons,” accord- 
ing to a statement from Colony 
that’s now posted on the com- 
pany’s Web site. 

“We erred in the Microsoft 
and PeopleSoft cases, and 


ClOs Hold Market Research 
Firms to a High Standard 


A whopping 87% of 133 re- 
spondents to a Computerworld 
survey said they have ques- 
tioned the statistical validity or 
integrity of market research. 
And the same percentage said 
they would like to see clearly 
stated ethics policies regarding 
the research firms’ vendor rela- 
tionships. 

“Like any other companies, | 
understand that they have to go 
after different sources of fund- 
ing,” said Cathy Brune, senior 


vice president and chief technol- 


ogy officer at Allstate Insurance 
Co. in Northbrook, lll. “But they 
need to be honest about saying 
who pays for the research.” 

“If the research is funded by 
a vendor and it examines their 
marketplace, | question it with 
a jaundiced view,” said Lew 
Temares, vice president of in- 
formation resources at the 
University of Miami in Coral 
Gables, Fla. 


Bruce Fadem, vice president 
and CIO at pharmaceutical 
company Wyeth in Paoli, Pa., 
said his biggest concern with 
market researchers isn’t the 
credibility of their work but the 
kind of influence they can 
sometimes wield in establish- 
ing themselves as market 
makers. 

Four years ago, Fadem made 
extensive use of research from 
one firm that he declined to 
name, to help him make a pur- 
chasing decision on a global 
change management system. 
Fadem said the research firm in 
question “became infatuated” 
with a particular vendor in this 
market “and didn’t do as thor- 
ough a job as they should have” 
in examining the viability of the 
company. “Nor did we,” he ac- 
knowledged. 

Two years after Wyeth had 
made a “major” investment in 
software from this company, the 
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Fewer Secrets 


DISCLOSES SOURCE 
OF RESEARCH FUNDING 
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Meta Group Inc. 
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we're correcting our proces- 
ses,” Colony said. 

Forrester isn’t alone. Bos- 
ton-based Aberdeen Group 
Inc. plans over the next 45 


days to “sharpen and enhance” 


the ethics policies posted on 
its Web site in order to more 
clearly state its research meth- 
odologies, said James L. Be- 
dard, who became Aberdeen’s 


vendor - which was not a start- 
up — went out of business, said 
Fadem. 

“There's a real risk with these 
information suppliers, because 
they become of significant size 
and they're in a position to make a 
market,” said Fadem, who contin- 
ues to subscribe to reports from 
Gartner, Meta Group and Giga In- 
formation Group Inc. Market re- 
searchers “can tout a particular 
product and have their sub- 
scribers go in that direction at the 
cost of some very good products 
and services that don’t get the 
support they deserve,” he said. 

Robert Schwartz, ClO at Mat- 
sushita Electric Corporation of 
America’s Panasonic Co. division 
in Secaucus, N.J., said he has 
been a Gartner subscriber for 
years. And while he continues to 
rely on the firm's research to help 
him decide on IT product pur- 
chases, Gartner's expansion into 
consulting and other areas “was 
getting beyond research, and we 
found that we wanted to work 
with a firm that provided pure re- 
search,” he said. Panasonic re- 
cently became a client of AMR 


POSTS ETHICS 
POLICIES ONLINE 


president and CEO in August. 
The decision is partly a re- 
sponse to a June 2002 Wall 
Street Journal story criticizing 
firms that offer “praise for 
pay.” In that story, the previ- 
ous Aberdeen management 
| defended the practice of pub- 
| lishing favorable research re- 
ports for vendors. 
“It’s critical that [customers] 


Research, “since it was purely fo- 
cused on research,” Schwartz 
said. The company also wanted 
to tap AMR’s supply chain exper- 
tise, he added. 

Several ClOs touted the in- 
tegrity of Gartner's research. 
“I'm pleased with the general re- 
search results we've gotten from 
Gartner, both the written results 
and from their analysts in particu- 
lar. They've done a good job for 
us over the years,” said Richard 
Gius, senior vice president of IT 


4 They need 
to be hon- 

est about saying 
who pays for 
the research. 
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CATHY BRUNE, 
SENIOR VICE PRESIDENT AND 
CTO, ALLSTATE INSURANCE 


have the highest degree of 
| belief in our integrity,” said 
| Bedard. 


Executives at other leading 
market research firms, includ- 
ing Gartner, Meta Group Inc. 


| and IDC, say they haven’t 
| made any recent changes to 
| their ethics policies or how 


they go about disclosing them. 


“If anything, we’re often 


asked [by vendors] to change 
| [our disclosure policies] in the 


other direction” and make 


them less restrictive, said David | 

. e | 

| Yockelson, executive vice pres- 
ident and director of technolo- 


gy research services at Stam- 


ford, Conn.-based Meta Group. 


Meta Group “rarely” takes 
| on research sponsored by a 


| single vendor, said Yockelson. 


And though the vendor does 


| have the right to review Meta 
| Group’s findings in these types 


of reports, Yockelson said, 
| “that doesn’t give the vendor 
the right to not publish it or 


| change it. They can come back 
| and say they disagree. But we 


and CIO at Cardinal Health Inc.'s 
Medical Products and Services 
group in McGaw Park, Ill. 

Curtis Wolfe, CIO and director 
of the IT department for the state 
of North Dakota in Bismarck, 
said the state has contracts with 
both Gartner and Meta Group. He 
said he finds the two firms “use- 
ful for affirmation” after his IT 
team evaluates market trends 
and product strategies by study- 
ing trade journals and attending 
industry conferences. 

For instance, Wolfe said he re- 
cently asked Meta Group analysts 
for their insights on J2EE vs. .Net. 
“We found that their technical 
evaluations of the market were 
productive,” said Wolfe. “They 
weren't necessarily supporting 
one over the other, and we found 
them to be very objective.” 

Joe Puglisi, ClO at Norwalk, 
Conn.-based Emcor Group Inc., 
made similar comments about 
Giga Information Group. “I think 
their opinions are based on fact 
and not on sponsorship,” said 
Puglisi. “They're calling the shots 
as they see them.” 

- Thomas Hoffman 








| won't withhold it because it’s 
| funded by the vendor.” 


If Meta Group is conducting 
internally funded research in 


which a particular vendor re- 
| ceives a “substantial mention,” 


the researcher will allow the 


| vendor to fact-check the mate- 
| rial and recommend changes 
| for the sake of accuracy. 


“We don’t offer a vendor the 
guarantee that if they don’t 
like what we write they can 
change it. As long as we are 
factually correct, we will pub- 


| lish whatever it is that we’ve 


created,” said Yockelson. 
Jim Shepherd, senior vice 


president at AMR Research 


Inc. in Boston, said vendor- 
sponsored research isn’t an is- 


sue for his firm, at least from 


an ethics standpoint. “If we do 
research for a [vendor] client, 
it is not published and can 

only be used by a client inter- 


| nally,” he said. “And we don’t 
| do much of that.” 


Like Meta Group, AMR will 
also let vendors fact-check its 


| so-called deep-dive product 

| review reports. “But we won't 
| cede editorial control in any 
sense,” said Shepherd. 


Framingham, Mass.-based 


| IDC, a sister company of Com- 
| puterworld, “always discloses” 
| in writing on the research 

| document who the source of 

| funding is for a particular 

| piece of research, said CEO 


Kirk Campbell. 
In the rare instances IDC 


| does conduct vendor-spon- 
| sored research, said Campbell, 
| the vendor has the right to re- 


view the findings. “But IDC 


| has the final determination on 


all of its research content and 


| how and where it is pub- 


lished,” he said, adding that 


; IDC hasn’t made any changes 


to its research objectivity poli- 
cies since they were estab- 


| lished in the early 1990s. 


Joseph Baylock, group vice 


| president of vendor relations 
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For what reasons 
do you rely upon 
market research? 


B® Tohelp make IT spending decisions 
@ Tohelp formulate IT strategic direction 
® Togain insight about market trend 

To stay abreast o 


Other 
ee ecececccescccccccces 


How credible 
do you feel the infor- 
mation you receive 
from analysts is? 


—__ 2% 
_1% 
Very credible 
@ Somewhat c 
@ Not d 
Not at all credible 


eee eeeereesessseseeess 


Do you think that 
research firms should 
have published, 
clearly stated ethics 
policies governing 
their vendor/client 
relationships? 


at Stamford, Conn.-based Gart- ° 


ner, said the company doesn’t 
conduct any vendor-spon- 
sored research, although its 
Gartner Consulting unit does 
conduct proprietary studies 
for vendors and groups of ven- 
dors. But those reports aren’t 
published for public consump- 
tion, he said. @ 42031 


BNo 
@ Doesn't matter 
Don't know 
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AT DEADLINE § 


Microsoft Tests 
Reporting Software 


Microsoft Corp. released the first 
public beta-test version of soft- 
ware designed to add reporting 
capabilities to its SQL Server 
2000 database. The new technol- | 
ogy, called SQL Server 2000 Re- | 
porting Services, will be marketed | 
as an add-on to the database and 

is due to ship by year’s end. Mi- 
crosoft made a beta version avail- | 
able in May to about 1,000 users. 


NEWS 


MARK HALL #®* ON THE MARK 


Fujitsu Unveils New 
Sparc Chips, Systems ... 


... tomorrow at the Microprocessor Forum in San Jose. The company 
will announce that it has two more versions of its Sparc V CPU in the 
pipeline. The new chips are expected to bump processing speed for 
the RISC microprocessor from the current 1.35 GHz to 2 GHz by 2005. 
And late that year, Tokyo-based Fujitsu plans to introduce its multi- 
threaded Sparc VI processor running at 2.4 GHz. Sources said the 
company will need to redesign the system bus for its PrimePower Unix 
servers, which use Sun’s Solaris operating system, to take advantage 


Hitachi Upgrades 
High-End Arrays 


Hitachi Data Systems Corp. in 
Santa Clara, Calif., announced 
upgrades of its two high-end disk 
array lines, including the addition 
of software that lets its Lightning 


of the much larger data processing ca- 
pacity of the new chips. Sparc V chip up- 
grades can be handled without replacing 
PrimePower servers, but when you move 
to the Sparc VI-based systems, “a box 
swap is required,” a source points out. 
Fujitsu insiders also say that while Sun 
has been struggling because of its broad line of 


| existent for some. But to others, the line is 
| real and important. That’s why the folks 


at Churchill Downs Inc. in Louisville, Ky., 
depend on their bulk e-mail application 


| service provider (ASP) to have a thor- 
| oughbred relationship with Internet ser- 
| vice providers. Mark Midland, vice presi- 


dent of marketing for the company that 


| runs the Kentucky Derby, racetracks in 


9900V devices mimic the WORM 
(write once, read many) capabili- 
ties of optical storage systems. 
That feature is designed to help 
financial services firms comply 
with document-retention rules. 


Short Takes 


HEWLETT-PACKARD CO. CEO Car- 
ly Fiorina was named to a com- 
mittee that will advise incoming 
California Gov. Arnold Schwarz- 
enegger on political appoint- 
ments. . . . COREL CORP. laid off 
18% of its workforce, or about 


125 people. The cuts came two 
months after the Ottawa-based 
software vendor was bought by a 
venture capital firm. 


Correction 

An error was discovered in a 
story on page 20 in this week's 
issue (“Microsoft Releases 
Small-Business Bundles”) after 
that page had already gone to 
press. The Fischer Group spent 
$20,000 in connection with its 
original installation of Microsoft 
Corp.'s Windows Small Business 
Server 2000 software bundle. 
The company spent $6,450 to 
upgrade its systems and hire out- 
side help for a recent migration 
to Microsoft's Windows Small 
Business Server 2003 offering. 


low-margin systems that compete with 


Windows and Linux 
servers, their company 
has seen record growth 
in its 16- to 128-proces- 
sor Unix systems sales. 
Quarterly sales of 
PrimePower machines 
are exceeding the total 
annual sales of just two 
years ago. “We’re a 
glass-house player. And 
that space is buying 
now,” says one source. 
= The line between mass 
e-mail marketers and 
spammers is thin to non- 


BY MATT HAMBLEN 


| IBM today will announce that 
| Tivoli systems management 

| technology is being extended 
| to its zSeries mainframe man- 
| agement products. 


This extension has become 
necessary partly because 
some companies are moving 
back to centralized comput- 
ing, said Steve Wojtowecz, di- 
rector of strategy for Tivoli. 

Two zSeries users who 
spoke with Computerworld 
last week said they hadn’t 
heard about the new products 
but were interested. “Any new 
products that bring Tivoli 
management to zSeries are a 


Arrowkey Inc. in Lincolnshire, Ill, 
will upgrade its CD/DVD Inspec- 
tor product in early 2004. The 
upcoming release is designed to 
let users link data on disk to the 
application that created it, even 
if the extension and file name 
have been removed. And law en- 
eee eR WU Et eB l-ef- | 
Cle BRS r- Terme CRM (el it) 
MMO eel em leur: e-te 
phy. Prices start at $349. 


five states and off-track 
betting operations 
throughout the U.S., 
claims his 50 e-mail 
campaigns totaling 
more than 1.3 million 
messages have boosted 
race attendance by 4%. 
His company uses 
ExactTarget LLC, an In- 
dianapolis-based ASP, 
to develop “one-to-one 
marketing messages to 
our loyalty program 
members,” Midland 
says. ExactTarget Presi- 
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dent Scott Dorsey says he stays on the 
good side of his Internet service provider 
by requiring all of his customers to sign a 
contract specifying that they'll send mes- 
sages only to an opt-in audience. He also 
demands that customers sign a minimum 
12-month deal, thus eliminating spam- 
mers who abuse the system for a month 


| and then move on. Still, Dorsey acknowl- 


edges that since ExactTarget opened its 
doors three years ago, he’s had to termi- 
nate “dozens of contracts of users who repeat- 
edly violated the contract.” Later this quar- 
ter, ExactTarget will give its users more 
rule-based tools to respond in different 
ways depending on how a recipient re- 
sponds to a message. Of course, if you 
delete it, no response is necessary. 

® Speaking of rules, if you use Web site 
acceleration appliances from Redline 
Networks Inc. in Campbell, Calif., you 
can get a free copy from now until Janu- 
ary of its new OverDrive software that 


| processes if-then rules that you write. For ex- 
ample, if you want to redirect visitors to 


another Web page from a URL they may 
have typed in, OverDrive will do it for 
you. ® The debate about whether soft- 
ware problems are caused by dumb end 
users or dumb applications can be set 
aside if you train people right on even the 
most obtuse application. That’s the theory 
behind RoboDemo Version 5, which ships 
at the end of the month from eHelp Corp. 
in San Diego. RoboDemo uses Macrome- 
dia Inc.’s Flash technology to record and 
play back instructions explaining exactly 
how to use a program so even a journalist 


can use it correctly. The new release will 
| be able to import Flash and full-motion 
| video files. You’ll also be able to record 
| in full-motion for applications such as 
| drawing or CAD programs. The tuition 


— uh, price — is $399. @ 42006 


| step in the right direction,” 
said Jim Haney, vice president 
of architecture at Whirlpool 
Corp. in Benton Harbor, Mich. 
| Jim Kennedy, program man- 
ager for enterprise systems 
management at the Internal 
Revenue Service, said Tivoli 
management technology 
could be valuable to its three 
computing centers in Detroit, 
Memphis and Martinsburg, 
WVa. The computing centers 
use zSeries hardware and 
management software from 
BMC Software Inc., Computer 
Associates International Inc. 
and others. “They are all cob- 
bled together but well man- 








IBM Extends Tivoli Management to zSeries 


| aged so far,” he said. 


IBM announced three prod- 
ucts for zSeries data centers. 


| Tivoli Management Portal is a 
Web-based portal designed to 


interface with zSeries moni- 


| toring tools for a single view 


into the zSeries operating sys- 
tem, middleware, and network 
and storage systems. Tivoli 
Storage Optimizer will aid 
zSeries storage monitoring by 
automating routine tasks such 
as moving storage volumes, 
IBM said. And Tivoli Perfor- 
mance Modeler will help build 
models for IT resource capaci- 
ty planning by enabling users 
to see the potential effects of 





| changes in hardware or soft- 


ware configurations, said IBM. 

Storage Optimizer is priced 
at $1,150 per “value unit” 
(IBM’s term for a user or 
group of users acting as a 
unit), or about $75,000 for the 
average data center. Perfor- 
mance Modeler is priced at 
$1,000 per value unit, or about 
$68,000 for an average data 
center. There is no charge for 
Tivoli Management Portal. All 
three products will ship next 
month. @ 42001 


SERIOUS ABOUT ZSERIES 


IBM is boosting services and support for 
the zSeries mainframe: 


QuickLink 41935 
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Microsoft Extends 
Java Support Plan 


Microsoft Corp. and Sun Micro- 
systems Inc. announced a deal 
that lets Microsoft continue sup- 
porting its Java virtual machine 
software through next September, 
nine months longer than originally 
planned. The companies said the 
deal is designed to give Microsoft 
users more time to migrate to 
other versions of Java. Microsoft 
plans to drop its Java code as 
part of the settlement of a lawsuit 
filed by Sun in 1997. 


SAP, PeopleSoft 
Boost Q3 Forecasts 


Business applications rivals SAP 
AG and PeopleSoft Inc. both said 
their third-quarter financial re- 
sults will be better than expected. 
SAP said its success rate at clos- 
ing sales improved during the 
quarter, although the company 
noted that its total revenue will 
likely drop by 3% year over year. 
Pleasanton, Calif.-based People- 
Soft said its software sales, total 
revenue and earnings should all 
top expectations. 


Oracle Announces 
Low-End Database 


Oracle Corp. released an entry- 
level version of its Oracle Data- 
base 10g software aimed at de- 
partmental use as well as small 
and midsize companies. The Ora- 
cle Standard Edition One data- 
base runs on single-processor 
servers and costs $5,995 for an 
unlimited number of users. Cus- 
tomers can also choose a named 
user license for $195 per user, 
with a minimum of five users. 


Short Takes 


SAS INSTITUTE INC. in Cary, N.C., 
said it’s buying MARKETMAX INC., 
a Wakefield, Mass.-based vendor 
of retail planning and data analy- 
sis applications. ... MIT named 
Jerrold Grochow as its vice presi- 
dent of information systems and 
technology, effective Nov. 1. 





| 
| 
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NEWS 


| Upgrades integration tools, plans new 


release of applications for next spring 





BY MARC L. SONGINI 
SAN DIEGO 
ACED WITH a continu- 
ing decline in revenue, 
CRM software vendor 
Siebel Systems Inc. last 
week tried to soothe users by 
announcing a planned up- 
grade of its applications and 
further moves to simplify the 
process of integrating its prod- 
ucts with other systems. 
At its Siebel User Week 


| conference here, San Mateo, 


Calif.-based Siebel detailed a 


| new product strategy dubbed 
| CRM for Everyone that’s 


aimed at encouraging more 
pervasive use of its software 


| throughout companies. The 
| plan includes added industry- 


specific functionality that will 
be part of the Siebel 7.7 up- 
grade, expanded customer 
analysis tools and a set of 


| hosted CRM applications that 


| new features (see 





| Siebel announced with IBM 


earlier this month. 

CEO Thomas Siebel said 
during a keynote speech that 
Siebel 7.7 is designed “to get 
us where we need to go” to 
meet the needs of users. The 
upgrade, which is due next 
spring, will include 


| arole-based user 


interface and other 


box). Siebel also 
is promising im- 
provements in ar- 


| eas such as installa- 


tion, configuration and testing 
in order to lower total cost of 
ownership for customers. 


Easier Upgrade 

Burlington Northern and San- 
ta Fe Railway Co., which now 
runs the vendor’s Siebel 7 ap- 
plications, plans to move to 
Version 7.7 in the future, said 


Proving That CRM Projects 
Pay Off Isn’t Easy, Users Say 


SAN DIEGO 

Calculating exact return on in- 
vestment figures for CRM roll- 
outs can be tricky, said several 
IT managers at the Siebel User 
Week conference. And that can 
make it difficult to sell projects in 
the current IT spending environ- 
ment, where every dollar has to 
be justified, they added. 

Attendees said CRM installa- 
tions often provide intangible 
benefits, which can make the 
ROI math a bit fuzzy. 

“We've achieved a lot of re- 
turn on investment, [but it’s] 
mostly soft,” said Edward Garry, 
vice president of CRM solutions 
at Quick & Reilly Inc., a financial 
services firm in New York. “It's 


somewhat difficult to figure out 
ROI for CRM, and it’s not unique 
to Siebel.” 

Quick & Reilly, a subsidiary 
of FleetBoston Financial Corp., 
runs Version 6 of Siebel’s sales 
and customer service software. 
Garry said that after using the 
software to create unified sales 
procedures, Quick & Reilly saw a 
spike in the number of leads its 
sales force was able to obtain. 
But, he added, a number of oth- 
er factors were also involved, 
making it hard to measure the 
software's contribution. 

“You need metrics to know 
what is going on [with ROI],” 
said Bonnie Henn-Pritchard, 
assistant vice president of tech- 





More information about 
CRM can be found at our 
Knowledge Center: 


© QuickLink k1300 
www.computerworld.com 


Siebel Bids to Broaden 
Use of Its CRM Software 


Bonnie Henn-Pritchard, assis- 
tant vice president of technol- 
ogy services at the Fort Worth, 
Texas-based company. But 


| she added that Burlington 


Northern may first migrate 
to the current release, Siebel 
7.5, to make the upgrade less 
complicated. 

Henn-Pritchard said she 
is also interested in Siebel’s 
Universal Application Net- 
work (UAN) inte- 
gration technology 
if it proves to be 
the panacea for 
connecting to oth- 
er systems that the 
company claims it 
is. In addition, 
Burlington Northern is eyeing 
Siebel’s new hosted applica- 
tions as a way to extend CRM 
capabilities to more end users. 
But Siebel needs to demon- 
strate exactly how all the 
pieces of its strategy fit to- 
gether, Henn-Pritchard said. 

Siebel continued its VAN 
push at the conference by 


nology services at Burlington 
Northern. But CRM systems 
often provide benefits that are 
“more qualitative than quantita- 
tive,” such as making it easier 
for customers to do business 
with a company, she said. 

EMI Industries Inc., a Tampa, 
Fla., maker of food-handling 
equipment for supermarkets, 
runs a midmarket version of 
Siebel's call center software. 
David Hahmann, a vice presi- 
dent at EMI, said the company 
expects to recover its invest- 
ment of less than $1 million with- 
in three years through cost re- 
ductions and revenue increases. 

But ROI wasn't a big concern 
for EMI, Hahmann added. Its main 
goal was to get so far ahead of its 
rivals in using CRM-enabled busi- 
ness processes that they wouldn't 
be able to catch up, he said. 

- Mare L. Songini 
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Siebel 7.7 


® A role-based user interface 
with guided navigation tools. 


® A dashboard-style console 
tailored for use in branch offices 
of banks. 


= A customer loyalty applica- 
tion designed to help users iden- 
tify profitable customers and op- 
timize marketing of products and 
promotions to them. 


= Upgraded analytic applica- 
tions, sold separately, with full 
support for Web services and in- 
tegrated data mining and predic- 
tive analysis capabilities. 


| announcing an upgrade of its 


Business Integration Applica- 
tions software, a set of pre- 
built routines for connecting 
CRM applications to other 


| systems. 


The company also said that 
by year’s end, the software 
will become available for use 
with IBM’s WebSphere Busi- 
ness Integration Platform 
technology and Microsoft 
Corp.’s BizTalk Server busi- 
ness-to-business tools. 


Different Needs 
Cindy Minter, assistant gen- 
eral manager of IT at the 
Modesto Irrigation District, 
a water and electric utility in 
Modesto, Calif., said Siebel is 
taking the right direction with 
UAN, as long as it ensures that 
the packaged integration code 
will allow flexibility for the 
unique needs of different 
users. “No two power compa- 
nies are the same,” she noted. 
Siebel’s biggest challenge 
with UAN is to show wide- 
spread adoption, said Erin 
Kinikin, an analyst at Giga In- 
formation Group Inc. in Cam- 
bridge, Mass. Most users still 
view UAN as being in the ex- 
perimental phase, she said. 
Siebel currently has about 
35 UAN customers, company 
officials said. Nimish Mehta, 
group vice president of UAN, 
said Siebel has been building 
up its consulting and technical 
support capabilities for the 
technology and is “delighted” 
with the progress it’s making 
on sales. @ 42045 
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NEWS 


HP e3000 Users Are Facing 
Tough Migration Choices 


Software vendors have varied plans for 
porting MPE apps to new platforms 





BY PATRICK THIBODEAU 
EWLETT-Packard 
Co.’s decision to 
end support of its 
HP e3000 system 
is forcing users such as Greg 
Brown, IT manager at Peerless 
Pump Co., to make some very 
difficult decisions affecting his 
entire IT infrastructure. 

The HP e3000 runs a pro- 
prietary operating system and 
database and is a platform for 
many third-party business ap- 
plications. The vendors of 
those applications, many of 
which provide core financial 
and health care systems for 
HP e3000 users, are porting 
to other operating systems. 

But the vendors are all over 
the map with their porting 
plans, which may limit a user's | 
HP e3000 platform migration 
options. Some are offering 
only one operating system and 
database migration path, while 
others are offering a range of 
choices. Brown’s ERP vendor 
is in the latter category, but 
the migration is still a tough 
decision. 

The vendor, ExegeSys Inc. 
in Salt Lake City, said last 
week it will have its system 
ported to HP-UX, Windows 
and Linux early next year and 
to IBM’s AIX at an undeter- 
mined later date. 

Brown said he doesn’t think 
Windows is stable enough to 
run a robust business system. 
Linux has appeal, but it’s still 
new, he said. HP/UX “is prob- | 
ably the most data center-wor- 
thy operating system,” Brown 
said, but added that he thinks 
its market penetration has 
peaked and wonders about the 
future of Unix in the long run. 

“What you always like to 
look for as an IT manager is, 
five to 10 years from now, 
what are going to be the per- 
vasive technologies?” said 


| 
| 





| security managers 
| . 
said at the Cyber 


Brown, whose Indianapolis- 
based company makes pumps 
used in fire suppression and in 
the agricultural and chemical 
industries. “I like to stay in the 
middle of the pack, where 


| things are supported,” he said. 


Scott & White Health Plan 
moved to the HP e3000 in 
the early 1990s after picking 
a health care management 
system developed by Amisys 
Synertech Inc. in Rockville, 
Md. The HP e3000 was the 
only system Amisys supported 
at the time. 

Troy Stillwagon, IT director 





Weighing Options 





at Temple, Texas-based Scott 
& White, said his company de- 
cided to continue with Amisys 
after it ported the application 
to HP-UX. But Stillwagon 
wants the vendor to support 
other operating systems, too. 

“We think the viability of 
the company and their ability 
to maintain market share will 
be better supported if they sell 
it on many platforms instead 
of just one,” said Stillwagon. 
Amisys isn’t ruling out sup- 
port for other platforms and 
is assessing customer and 
market demand, a company 
official said. 

Mitchell Humphrey & Co. 
in St. Louis has offered its fi- 
nancial application on the HP 





www.computerworld.com 


e3000 as well as Windows for 
over a decade. It’s migrating 
clients to Windows, and so far, 
it hasn’t had a large client opt 
out of taking that approach, 
according to Tim Kiely, the 
company’s business develop- 
ment manager. 

But Jim Roberts, chairman 
of the Mitchell Humphrey 
user group and financial sys- 
tems project manager at the 
Virginia State Department of 
Mental Health in Richmond, 
said there are users who are 
interested in a Unix operating 
system and Oracle database 
combination and see a Win- 
dows-only choice as limiting. 

HP’s preferred migration 
option is HP-UX. It has devel- 
oped a kit that can convert an 
HP e3000 into an e9000 and 
is offering incentives such as 
trade-in and trade-up rebates 
for series 9000 servers and 
storage, hardware loaner pro- 
grams and free conversion to 
HP-UX. @ 42026 





Scare Tactics No Longer Guarantee Security Funding 


BY DAN VERTON 
NEW YORK 


Chiet security officers used 
to be able to get the funding 


| they wanted for critical IT se- 


curity projects by using news- 
paper clippings detailing secu- 
rity failures that cost other 
companies millions 
of dollars. 

Those were the 
good old days, IT 


Security in the Fi- 
nancial Services Sector Sum- 
mit here last week. Budgeting 
for security today is a lot more 
complicated. 

“Responsibilities are in- 
creasing, the time pressures 
are increasing, and we're un- 
der increasing legal and regu- 
latory pressures. The only 
things that are not increasing 
are our funding and staffing 
levels,” said Gene Fredricksen, 
vice president for information 
security at Raymond James 
Financial Services Inc. in St. 
Petersburg, Fla. “It requires 
us to rethink how we budget. 
The old fear, uncertainty and 
doubt model doesn’t seem to 


REGULATE THIS 


Financial firms are wrestling 
with a slew of new state and 
federal laws and regulations: 
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be working anymore. We can’t 
scare our senior management 
into giving us money.” 

But that doesn’t mean that 
senior executives aren’t inter- 
ested in security, other securi- 
ty managers said. On the con- 


trary, many senior executives 
eee 


and corporate 
boards with control 
of corporate purse 
strings are simply 
demanding more 
information on the 
elusive return on 
investment and overall busi- 
ness benefit of incremental in- 
creases in security spending. 
“T need to get [my board of 
directors] to calm down,” said 
Dave Cullinane, chief informa- 


| tion security officer at Seattle- 


based Washington Mutual Inc. 
The new regulatory environ- 
ment is affecting IT security 
priorities more than anything 
else, he added. 

However, “I do find myself 
more and more trying to show 
[the board] that there is a 
valid [ROT],” he said. “As of 
Jan. 1, I have to start quantify- 
ing losses so that I can build 
a two-year and a three-year 





database, so that in 2007 we 
can decide how much money 
to set aside to cover [those 
losses]. So I’m not having 
much trouble convincing se- 
nior management. I’m having 
much more trouble trying to 
figure out how to do [ROI] 
the right way.” 

Good luck, said Bruce Moul- 
ton, vice president of informa- 
tion security business strategy 
at Symantec Corp. According 
to Moulton, calculating an ac- 
curate, meaningful ROI for se- 
curity “is out of reach.” Be- 
cause of all the unknowns 
that must be taken into ac- 
count, ROI simply can’t be cal- 
culated reliably, he said. 

Moulton also noted that 


& uncertainty 
and doubt model 
doesn’t seem to be 
working anymore. 


CO oe eeeeeseesereeseseresesssees 


GENE FREDRICKSEN, VP FOR 
INFORMATION SECURITY, RAYMOND 
JAMES FINANCIAL SERVICES INC. 





budgets are tight and spending 
must be done selectively. And 
that might have security archi- 
tecture implications, he said. 

“We might end up protect- 
ing some things and not pro- 
tecting other things,” said 
Moulton. He added that some 
companies may find them- 
selves partitioning their net- 
works into protected data and 
“sacrificial” data based on pri- 
oritized spending. 

David Furnas, senior enter- 
prise security engineer at 
Leicestershire, U.K.-based 
Deltanet International Ltd., 
said it’s crucial to win senior 
management’s confidence that 
spending requests aren’t going 
overboard. 

“It’s important to set their 
expectations such that you’re 
not going to them with pie-in- 
the-sky requests that are com- 
pletely off the mark based on 
your business needs and based 
on the regulatory environment 
in which you have to operate,” 
said Furnas. @ 42025 


MORE THIS ISSUE 


To read more about securing a bigger IT 
security budget, see our story on page 46. 
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The right management should do more 
than just protect. It should also enable. 
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Three CA Execs 
Quit After Inquiry 


Computer Associates Internation- 
al Inc. said its chief financial offi- 
cer and two other finance execu- 
tives are leaving after a prelimi- 
nary investigation into the soft- 
ware vendor’s past accounting 


practices. CA said it asked the ex- | 


ecutives to resign after the in- 
quiry determined that revenue 
from some software sales was 
booked prematurely during the 
fiscal year that ended March 31, 
2000. (For more details, go to 
our Web site: QuickLink 41981.) 


Jury Ruling Spurs 
Browser Changes 


Microsoft Corp. said it’s making 
“minor changes” to its Internet 
Explorer Web browser after a U.S. 
District Court jury ruled against it 
in a patent infringement suit filed 
by Chicago-based Eolas Tech- 
nologies Inc. and the University of 
California [QuickLink 40579]. 
The changes, which are due to be 
completed early next year, will 
modify the way Internet Explorer 
handles some Web pages using 
ActiveX controls. 


Sybase Upgrades 


Sybase Inc. announced an up- 
grade of its enterprise-class data- 
base software that includes new 
self-management capabilities, 
performance improvements and 
expanded support for Web ser- 
vices and XML. Dublin, Calif.- 
based Sybase said the Adaptive 
Server Enterprise 12.5.1 release 
will become available this week. 


Short Takes 


MICROSOFT was awarded a patent | 


for an instant messaging feature 
that alerts end users when other 
people are typing messages to 
them. . . . INFORMATION BUILDERS 
INC.’s iWay Software Inc. unit in 
New York said it’s buying the soft- 
ware adapter business of Actional 
Corp. in Mountain View, Calif. 
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| intended to eventu- 


| need for companies 
| to embed separate 


| functions for each application. 


| ing and handling such func- 
| tions to a shared application 
| security service, said George 


| plication security at the San 





| Holy Grail,” 
| manager of information secu- 


Enterprise Database | 


| such technologies, there are 
| enormous challenges involved 
| in linking disparate systems 
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BEA Pitches Shared 


| Middleware allows delegation of security, 
| access-control management functions 





BY JAIKUMAR VIJAYAN | 
EA SYSTEMS INC. this _| 
week will roll out | 
middleware technolo- 
gy aimed at helping 

companies build a shared se- 


| 
cr ae 
| curity infrastructure for au- | 
| thenticating, authorizing and | 


auditing user access to both 


ally eliminate the 


: | 
security and access-control | 
Instead, BEA’s new WebLog- 
ic Enterprise Security (WLES) 
product will allow companies 
to delegate the task of manag- 


Kassabgi, vice president of ap- 


Jose-based company. 

Such a shared environment 
“would most definitely be the 
said Val King, 


rity at Canadian Pacific Rail- 
way Ltd. in Calgary, Alberta. 
But despite the need for 


using a shared security service 
model, users and analysts said. 
For example, the ability of a 
product such as WLES to bro- 
ker identity and security infor- 
mation with older applications 
is totally untested, King said. 


A New Mind-set 
“The kind of space that BEA is 
dealing with is complex 
enough that a lot of people 
have been satisfied with work- 
around solutions,” said Randy 
Heffner, an analyst at For- 
rester Research Inc. in Cam- 
bridge, Mass. 

The use of technologies like 





| curity service layers, he s. 


| oped,” 


WLES will also require a fun- 
damental change in the way 
companies approach applica- 
tion development, said Earl 
Perkins, an analyst at Meta 
Group Inc. in Stamford, Conn. 
These technologies elimi- 
nate the need for developers 
to code separate access and 


security functions with each 


new application. As 
a result, changes 
have to be made in 
the development 
process to accom- 
modate the ex- 


| change of authentication and 


authorization information be- 
tween the application and se- 
aid. 

“There’s a cultural mind-set 


| that needs to change in the 


way applications are devel- 
Perkins said. 

Even so, technologies such 
as WLES address an important 


| need, said Robert Levine, 
| president of Sena Systems Inc. 


an Iselin, N.J.-based systems 


| integrator. 


“A number of our leading 
clients are looking at ways in 





Security Services Model 


SIE Tee meym lA] 


BEA’s WebLogic Enterprise 
Security product is designed to: 
ENABLE a service-oriented 
approach to delivering applica- 
tion security. 


and management of authentica- 
tion, authorization and access- 
control policies. 


ELIMINATE the need to 
code separate security policies 
into individual application 
environments. 


which they can centralize au- 
thorization decisions by 
pulling them out of applica- 
tions and making them an in- 
frastructure component,” said 
Levine. The goal is simplified 
application security policy de- 
velopment and enforcement, 


| he said. 


A core aspect of WLES is its 
ability to work with multiple 
Web access management 
products and other security 
management tools that may be 
used for authentication and 
authorization functions, Kass- 
abgi said. The idea is to allow 


| companies to take existing 
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technology and code and turn 
them into a distributed enter- 
prise security service with 
minimal disruption, he said. 

BEA isn’t the only company 
— nor was it the first — to try 
to move users to a shared se- 
curity services infrastructure. 

Quadrasis Inc. in 2001 was 
one of the first to release a 
product aimed at helping com- 
panies unify and centralize se- 
curity policies. The Waltham, 
Mass.-based company’s Secu- 
rity Unifier product was 
pitched as a tool for brokering 
security functions across a 
range of applications, but so 
far it has failed to gain much 
market attention. 

IBM moved in that direction 
by embedding its WebSphere 
application server software 
with its Tivoli Access Manag- 
er technology. Some vendors 
of Web access management 
products, such as Netegrity 
Inc. in Waltham, Mass., have 
also been expanding their 
Web single sign-on technolo- 
gies for use in legacy environ- 
ments. Oracle Corp. is expect- 
ed to make an announcement 
similar to BEA’s next week. 

BEA is trying to differenti- 
ate itself by making its tech- 
nology as broadly interopera- 
ble with other products as 
possible, Heffner said. “The 
difference is that BEA’s is 
more of an architectural ap- 
proach. And that has a lot of 
merit,” he said. @ 42028 


IBM Upgrades ID Management Line 


IBM last week upgraded its Tivoli 
line of identity management 
products, adding new features 
designed to allow companies to 
use ID information more effi- 
ciently and securely in changing 
business conditions. 

The upgrades include the 
following: 

w BM Tivoli Access Manager 
Version 5.1, featuring a new Dy- 
namic Rules Engine for automat- 
ically pulling user information 
from multiple sources to help 
make access-control decisions 
involving complex transactions. 
Anew Dynamic Group Support 
feature is aimed at making it 


easier for companies to respond 
to organizational changes, such 
as mergers and acquisitions, in- 
volving ID information. 

@ Tivoli Identity Manager Ver- 
sion 4.5, offering a new auto- 
mated workflow engine for man- 
aging and enforcing policy 
based on a user's changing sta- 
tus within a company. 

mw Tivoli Privacy Manager Ver- 
sion 1.2, with support for real- 
time privacy and security compli- 
ance checks of up to 100 trans- 
actions per second. 

The changes are part of IBM's 
broad effort to enable all of its 
products to participate in an on- 


demand computing environment, 
said Jeff Drake, director of secu- 
rity strategy at IBM. “(ID man- 
agement] products need to be 
very flexible. They need to be 
able to synchronize, receive and 
send data into business process- 
es” more efficiently, Drake said. 
IBM's identity management 
efforts are well focused, said Val 
King, information security man- 
ager at Canadian Pacific Railway. 
The railway uses Tivoli tools, 
among others, to control and se- 
cure access to its customer por- 
tal site and to manage pass- 
words for its 18,000 employees. 
~ Jaikumar Vijayan 
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s Security is the last thing on this Chief-Security Officer's mind: That’s because it’s the first thing on ours. Armed 
SECU age 
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> 


with real-time information and response capabilities from VeriSign’s Sectirity Intelligence and Control” Services, 


he can now take the initiative. Play offerse, tather than defense: Focus on the : 
kinds of projects that will keep his Fortune 500 publishing company he) 
competitive, like establishing-a global VPN. And reducing operating costs. Now ol Ign 


he can think freely. At least until an editor calls, wanting to stop the presses. The Value of Trust 
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Microsoft Unveils Its Plans for 
Web Services Management Packs 


Software maker to add set of modules 


to Microsoft Operations Manager 2004 





BY CAROL SLIWA 
ICROSOFT CORP. 
disclosed last 
week that the next 
version of its op- 
erations management software 
will introduce a set of pack- 
ages to monitor Web services. 
Microsoft Operations Man- 
ager (MOM) 2004, due next 
summer, will include an end- 
to-end Web services manage- 
ment pack for monitoring the 
availability and performance 
of services that span multiple 
systems and applications, ac- 
cording to company officials. 
There will be no separate 
charge for the management 
pack, which will ship with 
MOM, said David Hamilton, 
director of Microsoft’s enter- 
prise management division. 
In addition, the company is 


Continued from page 1 


Patches 


Amy Carroll, a director in 
Microsoft’s security business 
unit, said the company will re- 
duce the number of patch in- 
stallers from eight to two: one 
for the Windows kernel, and 
one for Microsoft applications. 

In addition, Microsoft is 
promising better-quality 
patches and rollback capabili- 
ty in case application incom- 
patibility problems arise. 
Patches will also be reduced in 
size by up to 80% to aid users 
on slow networks, and the 
number of reboots needed for 
patch installation will be cut 
by up to 30%, reducing server 
downtime, Ballmer said. 

But the challenge that Mi- 
crosoft faces as it attempts to 
ease the patch management 
process was apparent when 
Ballmer polled partners about 
the company’s free Software 
Update Services (SUS), which 


planning a set of additional 
management packs for key el- 
ements of the Web services 
stack, such as the UDDI direc- 
tory protocol and the .Net 
Framework, Hamilton said. 
Eric Rudder, senior vice 
president of servers and tools 
at Microsoft, told Computer- 


| world in August that the com- 
| pany would enter the Web ser- 


vices management market 
with compelling offerings to 
monitor the services and use 
them to manage their other 
systems [QuickLink 40506]. 
But at the time, Microsoft 
was still collecting feedback to 


| gain an understanding of cus- 
| tomer needs in the area of 
| Web services. Hamilton said 


the decision to introduce man- 


| agement packs is based on 
| that customer feedback. 





corporations can use to auto- 


| mate patch distribution to em- 
| ployees on a scheduled basis. 

| The vast majority of over 

| 4,000 partners in the keynote 


session indicated by a show of 
hands that they didn’t use SUS 
1.0 or hadn’t heard of it. 

“Tt will scan the machines, 


| let you know what needs to be 


patched, apply the policy, roll 
it out,” Ballmer explained, call- 
ing SUS “the corporate equiv- 
alent of Windows Update for 
the consumer market.” 
Microsoft plans to release in 
the first half of next year Ver- 


MICROSOFT’S SECURITY ROAD MAP 


——Ihis year___. __First half 2004 __ Second half 2004 


« Central Microsoft 
Update site for all 
patches 


a Monthly patch 
releases 


@ Security seminars, 
monthly webcasts 


aw Report on how 
Microsoft secures 
its systems 

a IT Pro Security 
Zone online site 





San aaa: 
XP Service Pack 2 

@ Release of Software 
= Patching enhance- 
ments 


NEW PRODUCTS 


“They’re still learning 
what they can do in the Web 
services space,” he said, noting 
that the need for Web services 
management has been basic so 
far. Hamilton said customers 
mainly want to know if a ser- 
vice is up or down. 

Bob Muglia, senior vice 
president of Microsoft’s enter- 
prise management division, 


sion 2.0 of SUS, which will 
add support for more Micro- 
soft products. SUS 2.0, which 
is complementary to Systems 
Management Server 2003, will 
also feature enhanced report- 
ing capabilities and improved 
administration controls. 
“We're definitely going to 
take a look at it,” said Samith 


| Kollipara, a technology con- 


sultant at Hanigan Bjorkman 
Ecklund LLP in Lincoln, Neb. 
Like many conference atten- 
dees, Kollipara said he was un- 
aware of SUS until last week. 
To lend more predictability 


a Windows Server 
2003 Service Pack 1 


Seen eww nanan 


@ Next-generation 
safety and inspection 


et 


s 
and Acceleration 
Server 2004 








said customers eventually will 
want to understand the cause 
of response-time delays and 
the level of resources taken up 
by different attributes of the 
application. He said Microsoft 
will enhance the product over 
time, particularly once it com- 
pletes work on the System De- 
finition Model, an XML-based 
schema that will define the re- 
sources on which an applica- 
tion depends, its operational 
behavior and the manner in 
which it’s deployed. 

In addition to its own Web 
services management efforts, 
Microsoft is working with oth- 
er vendors to ensure that .Net- 
based Web services written 
for the Windows operating 
system can be managed in a 
heterogeneous environment. 
MOM management packs for 
Web services from Actional 
Corp., AmberPoint Inc. and 


| Computer Associates Interna- 


tional Inc. will be unveiled at 


to the patching process, Ball- 
mer said Microsoft will re- 
lease nonemergency patches 
no more than once per month. 
Emergency patches, however, 


will continue to be released on | 


an immediate basis. 
To help customers with old- 
er systems, Microsoft plans to 


| extend security patch support 


until June 2004 for Windows 
2000 with Service Pack 2 and 
for Windows NT 4.0 Worksta- 
tion with Service Pack 6a. 

But patching isn’t enough to 
protect customer systems, 
Ballmer said. So Microsoft 
plans new safety technologies 
that focus on client systems 
and the network perimeter to 
provide protection against ma- 
licious e-mail and Web con- 
tent, viruses and worms, and 
buffer overruns, he said. 

The safety technologies will 
first ship in Service Pack 2 for 
Windows XP, which will go 
into beta by year’s end with a 
planned ship date in the first 
half of next year. Improve- 





Microsoft’s Professional De- 
velopers Conference in Los 
Angeles later this month, 
according to Hamilton. 

Also due at the conference 
are connectors to enable users 
te integrate MOM with third- 
party management products 
from IBM’s Tivoli division, 
CA and System Management 
Arts Inc. via a Web-services- 
based framework that enables 
bidirectional alert forwarding 
and synchronization. 

Hamilton added that a pri- 
vate beta of MOM 2004, which 
doesn’t include the Web ser- 
vices management pack, be- 
gan shipping two weeks ago. A 
public beta is expected by 
year’s end, with general avail- 
ability planned for mid-2004. 

Microsoft officials also dis- 
closed last week that the com- 
pany’s long-awaited Systems 
Management Server 2003 will 
be released to manufacturing 
on Oct. 22. It’s scheduled to 
launch on Nov. 1 at an IT fo- 
rum in Copenhagen. The new 
version features enhanced 
support for remote PCs, tight 
Active Directory integration 
and support for non-PC Win- 
dows devices. @ 42038 


ments will include an updated 
Internet Connection Firewall 
that’s turned on by default. 

New safety technologies will 
also be included in Service 
Pack 1 for Windows Server 
2003, which is due for a beta 
release in the first half of next 
year, with a target ship date in 
the second half of next year. 
Perimeter-inspection technol- 
ogy in the server operating 
system will allow companies 
to block laptops or other com- 
promised systems from access- 
ing the network, according to 
Microsoft officials. 

Meanwhile, Microsoft will 
promote new education and 
training opportunities. A day- 
long developer security sym- 
posium will be held later this 
month at its Professional De- 
velopers Conference. Later this 
fall, free TechNet Security 
Seminars will be held in cities 
around the world, and in No- 
vember, the company will start 
monthly security webcasts. 


@ 42034 
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Microsoft Releases Small-Business Bundles 


NEWS 


Upgrades are based on Windows Server 2003; 
-arly adopters focus on added collaboration tools 





BY CAROL SLIWA 
Microsoft Corp. last week released 
two versions of its software bundle for 
small businesses, combining Windows 
Server 2003 with a variety of its other 
server-level products. 

The Windows Small Business Server 
2003 package will be sold in separate 
editions for the first time: an entry-lev- 
el version that adds Exchange Server 
2003 and two other products to the op- 
erating system, and a premium version 
that also includes Microsoft’s database, 
firewall and Web-authoring technolo- 
gies (see box). 

But the component that appears to 
be generating the most excitement 
among some early users is Windows 
SharePoint Services. That product, 
which has been added to the small 
business bundle, lets workgroups cre- 
ate internal Web sites to share infor- 
mation and collaborate. 

Until a few months ago, the 14 em- 
ployees at Game Face Inc. in Tualatin, 
Ore., used e-mail messages with at- 
tachments to collaborate on the 100 or 
so proposals they produce for clients 
each year. Now that the executive 





training and recruitment company has 
installed Small Business Server 2003, 
workers can access, comment on and 
edit documents on a central server. 

Game Face spent more than $30,000 
on server software and hardware, desk- 
top Windows and Office upgrades, ca- 
bling, and outsourced IT help in con- 
nection with the implementation. But 
Thomas Peterson, senior vice presi- 
dent of business development at Game 
Face, estimated that the company will 
save about $8,000 per month due to in- 
creased productivity. 

The software is also expected to 
boost Game Face’s revenue potential 


| because workers can now track and re- 


spond to client inquiries more quickly. 
“This is helping us to not look like a 
small business,” said Robert Cornilles, 
the company’s president. 

Gene Austin, general manager at 
Fischer-Herron Inc., a company in 
Orange, Calif., that does sales and mar- 
keting work for makers of food ser- 
vices equipment, said he spent almost 
two years hunting for software to help 
his workers electronically access and 
manage purchase orders, price lists 


Middleware. 
It’s on Broadway. 
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and other business documents. 

Austin said his company, which does 
business as The Fischer Group, migrat- 
ed from Windows Small Business 
Server 2000 to the new version to get 
Windows SharePoint Services. The 
company spent about $20,000 to up- 
grade its systems, despite not having to 
pay anything for the software bundle 
because it had purchased Microsoft's 
Software Assurance license option. 

For example, Fischer Group added 
more system memory, upgraded its 
PCs to a newer version of Windows 
XP Professional and hired outside 
workers to help develop its SharePoint 
site. But Austin said the company has 
been able to shift a full-time employee 
who was responsible for filing paper 
documents to a more productive job, 
and he predicted that the new system 
will also help its sales force become 


more productive. @ 41992 





Microsoft’s Autonomic IT Plan Starts 
With Development Tools, Exec Says 


BY MATT HAMBLEN AND CAROL SLIWA 
Bob Muglia, senior vice president of Mi- 
crosoft Corp.’s enterprise storage and 
management divisions, is one of the ar- | 
chitects of the autonomic computing 

plan that the software vendor an- 
nounced in March [QuickLink 37220]. 
Musglia last week spoke with Computer- 
world about Microsoft’s efforts to sell 

IT managers on its Dynamic Systems 
Initiative (DSI) approach. 


What differentiates DSI from the au- 
tonomic computing technology of- 

fered by other vendors? The key 
distinction we’re making is that 
we're looking at what we can do 

to the developer tools to make 

it easy to build applications 

that, later on, can be managed 
through the operations part of 

the life cycle. When IBM talks 

about autonomic computing, they of- 
ten talk about the resource-balancing 
nature of it, and that is something 
we're also focused on. 

However, I’m less concerned about 
the use of computer resources in a data 
center and more concerned about the 
people cost of developing, deploying 
and operating applications. By captur- 
ing management knowledge at the de- 
velopment stage of an application as 
we do, there’s a lot to be done to lower 
the cost of operating these systems. 





How will you get users interested in the DSI 


concept in this economy? People have to 
see value in technology producing 
business results. If you have pre-exist- 
ing systems that are running, in a lot of 
senses the cheapest thing you can do is 
continue to run them and not make 
changes. You'll always incur cost when 
you make changes, and the change 
doesn’t always benefit you the way you 
want. [So we plan to] generate excite- 
ment for DSI by making sure people 
understand that this is the 
place where they can deliver 
business value, and in the 
process, they can roll out appli- 
cations more quickly and man- 
age them more effectively. As a 
platform vendor, we think 
holistically about that. We 
think about enhancing devel- 
opment tools, what we do in 
the operating system, what we 
do within the management pieces, and 
we think there’s a lot of advantage in 
having that top-to-bottom approach. 


What's the revenue potential of DSI? I can 
talk about what our objectives are, and 
our objectives are to provide a better 
environment for people in the Win- 
dows platform. [DSI] is not revenue- 
driven in the sense of driving revenue 
for management tools, but [it is] fo- 
cused on making Windows Server 
more competitive in the marketplace. 
That’s the foundation of what we need 
to do to grow our business. @ 41979 
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DHS Broadens Biometrics 
Use for Border Control 


Department may spend over $30M for technology 





BY DAN VERTON 

WASHINGTON 

The U.S. Department of Homeland Se- 
curity has jump-started an aggressive 
biometrics deployment program to 
help fill gaps in U.S. border security 
procedures. 

The DHS last week announced that 
it reached a $3.5 million agreement to 
buy 1,000 optical-stripe read/write 
drives and biometric verification sys- 
tems from Information Spectrum Inc. 


DHS Biometrics 
Contracts 


VENDOR: Information Spectrum Inc. 


PRODUCT: 1,000 optical-stripe read/write 
drives and biometric verification systems 


CONTRACT VALUE: $3.5 million 








JOR: Identix Corp. 





RODUCT: TouchPrint 3000 live-scan finger- 
print booking stations and desktop systems 


NTRACT VALUE: Up to $27 million 








(ISI), an Annandale, Va.-based sub- 
sidiary of Anteon Corp. The equip- 
ment will be used in the U.S. Visitor 
and Immigration Status Indication 
Technology program. The contract 
comes on the heels of an announce- 
ment earlier this month that the de- 
partment had signed one of the largest 
contracts in history for biometric fin- 
gerprint-scanning technologies — 
worth up to $27 million — with Min- 
netonka, Minn.-based Identix Corp. 
Mark Heilman, executive vice presi- 
dent of corporate development at An- 
teon, said that although biometric 
technology has progressed substantial- 
ly over the past several years, “the jury 
is still out” in terms of its ability to 
handle a challenge as large and com- 
plex as homeland security. “There 


are a number of technologies out there, 


and I think DHS is still looking for the 
right mix,” Heilman said. “I think there 
will be some choices made during 
the next year or so that will shake out 
the industry.” 

Heilman said the contract gives the 





Middleware. 
It’s in the bank. 





DHS the flexibility to use a number of 
biometric systems, including the Iden- 
tix fingerprint system or an iris scan. 
The ISI optical drives and biometric 
verification software will be deployed 
at ports of entry around the USS. for 
operation on existing DHS systems. 
Using the software, border-crossing 
agents will be able to read the data en- 
coded on any of the more than 13 mil- 
lion permanent-resident and border- 
crossing cards issued by the U.S. gov- 
ernment and then authenticate the bio- 
metric data stored on the cards and 
alert DHS inspectors to the presence 
of possible counterfeit cards. 
Meanwhile, through a five-year blan- 
ket purchase agreement that could be 
worth up to $27 million, the DHS said 
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it will begin deploying Identix’s 
TouchPrint 3000 live-scan fingerprint 
booking stations and desktop systems 
to support the Citizenship and Immi- 
gration Services (CIS) program as well 
as other departments within the DHS. 

The CIS program will use the Iden- 
tix fingerprint-scanning system to digi- 
tally capture and electronically submit 
fingerprint images from immigration 
applicants to the FBI. The fingerprints 
will then be used to conduct criminal 
background checks. 

Frances Zelazny, a spokeswoman for 
Identix, said the DHS has already is- 
sued its first order, totaling more than 
$2 million, under the contract and 
plans to extend the contract to its over- 
seas screening operations. @ 41964 





Grocer Uses Content Management 
To Standardize Store Operations 


BY TODD R. WEISS 
Regional supermarket chain Giant Ea- 
gle Inc. is installing a content manage- 
ment and collaboration system at all 
214 of its grocery stores in an effort to 
ensure that business operations are 
consistent from store to store. 

The Pittsburgh-based company, 
which does business in Pennsylvania, 
Ohio, West Virginia and Maryland, an- 
nounced details of the project last 
month along with software vendor 
Open Text Corp. Giant Eagle began 
rolling out Open Text’s Web-based 
Livelink tools in May and has them in 
place at about 70% of its stores. The 
deployment is due to be completed 
within 12 months, Giant Eagle said. 

The grocer is also testing a real-time 
Web conferencing application devel- 
oped by Waterloo, Ontario-based Open 
Text. The packaged software replaces a 
prototype content management system 
that Giant Eagle built three years ago. 

Jack Flanagan, vice president of 
business systems at Giant Eagle, said 
the company’s management realized it 
had to do a better job of fostering uni- 
form operating practices in order to 
meet a goal of increasing annual rev- 
enue from $5 billion now to $9 billion 
within four years. 

In the past, Giant Eagle sent out 
memos on paper, Flanagan said, but 
that often led to communication delays 
or the spread of misinformation. In 
comparison, the content management 
system lets store workers use PCs to 
search databases of information about 
operating policies. 

The company is running the Open 





Text software on Windows 2000 
servers and has linked those machines 
to an Oracle database server that’s 
based on IBM’s AIX version of Unix. 
Giant Eagle officials didn’t disclose the 
expected total cost of the project, but 
they said the grocer has spent about 
$2.3 million on the initiative over the 
past three years. 

Rich Levine, Giant Eagle’s senior 
project manager for information sys- 
tems, said the company evaluated 
products from about 20 software ven- 
dors. He said that in addition to data 
workflow and indexing tools, Livelink 
includes threaded discussion forums 
that let workers collaborate and ex- 
change information. 

Rob Lancaster, an analyst at The 
Yankee Group in Boston, said content 
management vendors are making in- 
roads with users in markets other than 
finance and health care, two early 
adopters of the software. The integra- 
tion of collaboration capabilities has 
become a key selling point, Lancaster 
added. “It brings content management 
a step closer to knowledge manage- 


ment,” he said. @ 41978 
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MARYFRAN JOHNSON 


Gridlock Reality 


F YOU TAKE A BIG SWIG of vendor Kool-Aid 
from IBM, Hewlett-Packard, Sun Microsys- 
tems or Oracle these days, it’ll taste a whole lot 
like grid computing. The actual flavor might 
be labeled (or mislabeled) as something else: utility, 
on-demand, autonomic, adaptive or even pervasive 
computing. But the upshot will be this notion of 


making miraculously 
cost-effective use of idle 
networked computing re- 
sources. 

If you believe the vari- 
ous descriptions of grid 
(everybody has a favor- 
ite), we’re heading toward 
an IT nirvana where 
processing power and ap- 
plications will be dynami- 
cally reconfigured and 
delivered from one big 
virtual pool of resources. 

Data will be secure but available 
from anywhere, and network com- 
plexity will be tucked out of sight. 

It’ll be so great when it gets here. 

Despite the full-court press from 
vendors, skepticism prevails among 
business and commercial users, in- 
cluding some senior IT executives 
on a panel I moderated recently. We 
were talking about where technolo- 
gy is heading, comparing practical 
realities to market spin, and I asked 
their opinions about what is today’s 
most hyped technology, fully ex- 
pecting it to be Web services. “Grid 
computing,” everybody said. 

What seemed to irritate my pan- 
elists most was the answer-to-your- 
prayers urgency of vendors with a 
few new products to push. 

“Marketers are exploiting the per- 
ception that grid is an advanced 
technology and in many cases are 
applying the term to offerings that, 
at best, have only a tenuous relation- 
ship with the strict definition of a 
grid,” wrote Gartner analysts Carl 
Claunch and Anne Powell earlier 
this year. The analysts cautioned 
that grid computing was “well on its 





way to the Peak of Inflat- 
ed Expectations” (I 
swear, I’m not making 
that up) in the Gartner 
“hype cycle model.” 
Indeed, the grid proj- 
ects making headlines 
tend to be group efforts 
involving universities, 
science or engineering 
companies and hefty fed- 
eral grants. So when Or- 
acle CEO Larry Ellison 
claimed a few weeks ago 
that half of his current database cus- 
tomers will be grid users in five 
years, he was just, well, being Larry. 
Despite some compelling proj- 
ects, grid computing is many years 
away from everyday use in business. 
That’s the conclusion of the story 


| “Grids Extend Reach” (page 29), 


which examines the current state of 
this still-emerging technology. 





What’s keeping enterprise users 
at arm’s length from grid comput- 
ing? Quite a lot. For starters, the 
mystery pricing schemes, lack of 
management tools and fluid arrival 
dates for many of the announced 
products make it difficult to em- 
brace. Few business applications 
were written with parallel process- 
ing in mind, which means major 
code rewrites for the rest of them. 

The proprietary impulses of ven- 
dors also threaten to slow the adop- 
tion of grid computing, since open 
standards are so crucial to its opera- 
tion. The first warning sign came 
last month, when Oracle announced 
that it was forming a consortium for 
developing commercial grid appli- 
cations. Yet the Global Grid Forum, 
established in 1999, already has hun- 
dreds of members. How nicely Ora- 
cle plays with the Forum bears close 
watching. 

The fact that grid computing is 
continuing to grow in its traditional 
strongholds — drug and biotech 
companies, universities and federal- 
ly funded consortia — bodes well 
for it to mature eventually into seri- 
ous business offerings. 

But if you’re inclined to pass on 
the vendor Kool-Aid for now, you’re 
not missing much. @ 41990 
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Going Digital 
Is Real Issue 
At the NYSE 


OU CAN SPEND TIME 

arguing about whether 

Richard Grasso should 
have been dumped as chair- 
man and president of the New 


York Stock Exchange over his 
$139.5 million compensation package. 
But there’s no dispute that spending 
$139.5 million would get the NYSE a 
nifty IT starter kit to eliminate floor 
traders, make irrelevant the concept of 
self-regulation and banish the clubby 
network of firms that make money do- 
ing what IT can do more efficiently. 

The flap over Grasso’s compensation 
is a distraction from the real issue fac- 
ing the NYSE: whether to go complete- 
ly digital. 

There may be nos- 
talgic and cultural 
considerations for 
maintaining a large 
hall on the tip of a 
small island where 
exchange members 
buy and sell shares of 
stock at the behest of 
investors. Taking or- 
ders over the phone 
and via handheld has 
matured to the point 
where billion-share days are no big 
deal. But although the NYSE has added 
technology trading systems such as 
OpenBook and Direct+, it hasn’t gone 
as far as Nasdaq to make multiple 
quotes available to nonspecialist 
traders. More and more shares are be- 
ing traded off the exchange floor. But 
many traders are worried that without 
an actual exchange, their profits will 
suffer. And while the NYSE has poured 
IT dollars into its operations, it has 
only propped up the existing structure, 
not remade it. 

From an IT perspective, this is anti- 
quated thinking. 

Electronic commerce networks 
(ECN) such as Instinet Group Inc. and 
Archipelago Holdings LLC, known as 
ArcaEx, routinely serve institutional 
traders by offering an electronic mar- 
ketplace to trade NYSE, American 
Stock Exchange and Nasdaq stocks. In- 
deed, these ECNs easily connect with 
Nasdaq’s SuperMontage trading plat- 
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form, where the majority of Nasdaq 
stocks are traded. The technology is so 
good that it can handle 10,000 transac- 
tions per second and has reduced or- 
der-execution costs by 20%. It’s mar- 
keted to traders to help them trade 
NYSE stocks. 

Regulatory oversight has been a con- 
sistent worry when considering the 
closure of the trading floor. Given the 
recent spate of U.S. Securities and Ex- 
change Commission investigations into 
trading activities, an open floor full of 
traders appears to be no easier to po- 
lice than anonymous mouse-clickers in 
bathrobes or “masters of the universe” 
in trading rooms around the world. 

A move to an all-electronic trading 
environment would make it possible 
for separate groups of independent an- 
alysts to monitor trade flows, watch 
the spreads between prices and use 
real-time alarms to warn of irregular 
trading patterns. 

The trouble, of course, is that with 
the pit gone and oversight embedded 
in the IT trading system, there would 
be no one left to earn $139.5 million. 

@ 41844 


DAVID MOSCHELLA 


Users Must 
Set Standards 
For Products 


OR MORE THAN 50 

years, IT customers have 

complained that their 
suppliers do a poor job of 
building standardized, inter- 


operable products. Over the 
next decade, we will find out if the IT 
user community can do the job any 
better. 

Through the 1980s, de facto vendor 
standards such as SNA, DECnet, 
MS-DOS and NetWare determined 
how most IT products were used. 
While efforts were made to link these 
systems, the results were spotty. “Is- 
lands of computing” became the domi- 
nant metaphor for the incompatibility 
that resulted. 

During the 1990s, the largely acci- 
dental emergence of the Internet 
changed all of this, and the IT industry 
began to fulfill its promise. Through 
open standards bodies such as the 
IETF and the W3C, the underlying 
plumbing of the Internet has become 





increasingly interoperable. 
It’s doubtful whether the 
major IT vendors would 
have ever sorted things out 
so effectively by themselves. 

As evidenced by the 
emergence of the OASIS 
e-business standards group 
and the debate over J2EE 
and .Net, vendors and stan- 
dards bodies certainly still 
have roles to play. However, 
over time, these groups will 
lose much of their current 
pre-eminence. 

Consider Web services. Si 
Although XML, SOAP, WSDL, etc., can 
do a good job of linking one applica- 
tion to another, they’re inherently lim- 
ited in that they don’t understand the 
actual meaning of the data being proc- 
essed, the so-called semantic content 
of the application. 

Tim Berners-Lee and the W3C are 
trying to address this limitation by en- 
abling the development of general-pur- 
pose, rules-based Semantic Web sys- 
tems based upon the Resource De- 
scription Framework. It’s an interesting 
and theoretically sound concept. How- 
ever, right now it looks like the real- 
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world standardization 
process will remain the 
task of IT users and, at least 
initially, will be done at an 
industry-specific level. 
Today, just about every 
major business sector has 
launched some sort of 
standards initiative. Promi- 
nent examples include 
RosettaNet (electronics), 
ACORD (insurance), UCC 
(retail), STAR (automo- 
tive), IFX (finance) and the 
health care terminology 
database recently endorsed 
by the U.S. Department of Health and 
Human Services. In many ways, the 
task of these groups is to standardize 
the top levels of the IT industry stack. 
It will be one of the next great e-com- 
merce frontiers. 

As with most IT standards process- 
es, success is by no means assured. De- 
veloping and implementing industry- 
specific standards has significant di- 
rect costs and requires scarce techni- 
cal talent. 

In contrast, many of the benefits are, 
by definition, aimed at industries as a 
whole and aren't usually designed to 





favor one competitor over another. 
This can be a formula for inertia and 
delay; Wal-Mart's aggressive leader- 
ship in the use of radio frequency iden- 
tification technology is important be- 
cause it spurs adoption of a standard. 
History provides reason for opti- 
mism. Over the years, customers have 


| established interoperable, industry- 
| specific IT standards in areas such as 


retail point-of-sale systems, credit 
cards and automated teller machines. 
The challenge today is to replicate 


| these successes on a much wider and 


more rapid scale. Arguably, only Ro- 
settaNet has reached a critical mass of 


| usage and momentum. 


Unfortunately, many IT departments 
are still much more focused on gener- 
al-purpose vendor standards than the 
industry-specific projects that are just 
as important to their businesses. Over 


| time, these priorities will change, with 


IT professionals taking the lead in this 
next great phase of IT standardization 
and growth. @ 41845 
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Readers Are Able to Recognize Bias 


ARYFRAN JOHNSON’S editori- 
al[“A Question of Credibility,” 

QuickLink 41489] exposing the per- 
ils of “sponsored research” from or- 
ganizations such as Forrester and 
the likely bias such information can 
contain is on the money. However, 
she ignores a simple truth: Some- 
one - and it is usually not the press 
- pays the bill for virtually all such 
research. We lack any truly inde- 
pendent product review entity in 
this business. In fact, many industry 
publications are owned by con- 
glomerates that offer similar “propri- 
etary research reporting” services 

Thus, it can be said that the vast 
majority of IT-related research is 
sponsored in some form. The pro- 
fessionals in IT and the business 
C-level types who read these re- 
search reports and the press ac- 
counts about them already accept 
that there’s no such thing as a free 
lunch - that it’s truly buyer beware. 

Virtually all of the research hous- 
es have a bias toward the providers 
or suppliers of technology - their 
community of support - and they 
aren't always going to tell you who 


paid for the underlying research. If 
you refuse to cite any one such re- 
port, then arguably, you must make 
| this a blanket policy, one that would 
be extreme and unreasonable. Per- 
haps your reporting about such re- 
search should include phrases 
such as “a recently released report, 
prepared by XYZ Research on be- 
half of one or more software ven- 
dors featured in the report.” 

Some of these reports contain 
good and valuable information, if 
one reads between the lines and 
| with understanding of the bias that 
most such paid research has. But 
more importantly, | believe your 
readership has the capacity to do 
so, without as much help as you 
believe you need to provide. 
Robert W. Starinsky 
Managing principal and 
owner, Tradewinds Group 
Inc., Oak Brook, Iil. 


F AN ANALYST REPORT takes a 

decidedly favorable view of a solu- 
tion from a large company, | careful- 
ly consider the likelihood that said 
company subsidized its creation. | 








strongly applaud Computerworld’s 
position, as explained by Maryfran 
Johnson, to share only those reports 
that can be confirmed as offering in- 
dependent and objective views. | 
have recently returned to your peri- 
odical, and moves like this will only 
make me a more avid subscriber. 
Bruce Clarke 

Sunnyvale, Calif. 


Enough Bashing 


T'S TIME FOR Nicholas Petreley 

to find a new subject [QuickLink 
a3680]. Sure, his Microsoft-bash- 
ing was funny the first couple of 
times, but it's starting to get old. 
Since he’s some sort of Linux guru, 
why doesn't he write about the ben- 
efits of Linux, or tell us how Linux 
does things better than Windows? 
All we get is what a terrible beast 
Microsoft is. He's not winning any 
converts that way. | work with Linux 
and Windows every day, and I like 
them both. Petreley needs to get 
out into the real world and realize 
that both operating systems have 
their proper place, both have vul- 
nerabilities, and both can be vital to 
an organization. He also needs to 





do alittle research. For example, re- 
searchers at Mi2g Ltd. say that in 
August, 67% of all successful and 
verifiable attacks against servers 
targeted Linux, compared with just 


| 23.2% that targeted Windows - 


and August was the month during 
which Sobig.F and Blaster hit. Fur- 
thermore, 12,892 e-business sites 
running Linux were successfully 
breached that month, compared 
with just 4,626 running Windows. 
There is no perfect operating sys- 
tem. But please, for the sake of 
your readers, move on. 

Doug Tinklenberg 


| System engineer, LeMars, Iowa 


More Letters, page 28 


COMPUTERWORLD welcomes 
comments from its readers. Letters 
will be edited for brevity and clarity. 
They should be addressed to Letters, 
Computerworld, PO Box 9171, 500 
Old Connecticut Path, Framingham, 


| Mass. 01701. Fax: (508) 879-4843. 
| E-mail: letters@computerworld.com 


Include an address and phone num- 
ber for immediate verification. 


For more letters on these and 
other topics, go to 
www.computerworld.com/letters 
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Outsourcing Issue Raises Readers’ Ire 


HAT CAN | SAY about your outra- 

geous 14-page Offshore Buyer's 
Guide in the Sept. 15 issue of Comput- 
erworld [QuickLink a3600]? That it 
was yet another slap in the face of 


American IT workers goes without say- 
ing. What really bothers me is your pre- 


sumption that all of your readers are 
employed ClOs who support offshore 
outsourcing. 


Computerworld used to be a re- 
spected IT industry magazine, but it 
now clearly targets an elite and proba- 
bly nonexistent CIO audience. You have 
betrayed your core IT audience. Like 
many other American IT workers, | re- 
cently lost my job to offshore outsourc- 


ing, so | do not appreciate such articles 
at all. There is a big difference between 
reporting on the offshore outsourcing 
trend and actively promoting and en- 
couraging it. 

Robert Kleefisch 


| Homewood, Ill. 





When the system slows down or, even worse, when the network fails, your company. experiences a break in productivity. 
Gateway Professional has a solution — we call it our 995 Server. With up to 4 Intel” Xeon” MP processors, redundant power 
supplies and a 4U rack-optimized design, you'll reach the highest levels of reliability and availability in a limited space. That 
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T'S BEEN DEPRESSING enough read- 

ing over the last year all the articles in 
your publication about companies dis- 
placing U.S. workers by using overseas 
outsourcing. Now you've made it even 
easier by publishing a buyer's guide; it’s 
the last straw. | see no reason to read 
your magazine in the future. 
Ed Hiney 


Naugatuck, Conn. 


WONDER IF the CxOs who are out- 
sourcing U.S. IT jobs offshore to save 
money see the very basic economic 
principle presented in your Offshore 
Buyer's Guide. The cost of doing busi- 
ness in politically stable countries with 
an abundance of skilled IT workers and 
a robust IT infrastructure is going to be 
higher. Quality isn’t cheap. 
Jon Banks 
Powder Springs, Ga 


The Human Math 


ES, IT’S TRUE: IT at every compa- 
ny has been arrogant, high-hand- 
ed, inflexible and uncooperative on oc- 
casion [Frankly Speaking, “The Human 
Factor,” QuickLink 41480]. But are HR, 
accounting, quality or engineering out- 
sourced? Every support and service 
group is guilty of all those sins and 
more. Don't kid yourself; it is always 
about the money. 
Darrel Anderson 
Sussex, Wis., dda@wi.rr.com 


DISAGREE with this statement in 
Frank Hayes’ column: “Even if out- 
sourcing turns out to be a horribly wrong 
decision, it’s still a no-lose situation for 
executives . .. who've had it with IT.” 
How does a company benefit from a 
spiteful decision that may do more harm 
than good? If | were a shareholder, I'd be 
after the executives’ heads. 
D. Bale 
Saginaw, Mich. 


TaN WE URE WI TH ab ITN AG AON, 


Foreign-born Citizens 
HE ARTICLE “IT Unemployment 
Hits ‘Unprecedented’ Level” 

[QuickLink 41519] states that a study 

found that “foreign-born workers now 

account for a fifth of all T employees in 
the U.S.” Is “foreign-born” relevant? 

Shouldn't this be framed in terms of 

“non-U.S. citizens”? In my office are 

two foreign-born IT staffers. Both are 

citizens, and therefore have as much 
right to work here as a native-born citi- 
zen and don’t need H-1B or L-1 visas. 

Scott Hutchinson 

Network administrator, 

Concord, Calif. 
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MySQL Breaks Into 

The Data Center 

MySQL is changing the nature of 
the database market with a powerful 
combination of low cost and high 
performance, though critics say it’s 
not a mature technology. Page 32 





FUTURE WATCH 

Megabit Mobile 

Mobile wireless data rates will make a quan- 
tum leap in the next five years, compared 
with little growth over the past decade. And 
Wi-Fi will be integrated into cellular service 
too, as mobile computing grows up. Page 35 


SECURITY MANAGER'S JOURNAL 
New Job Brings Back 

Old Problems 

When Vince Tuesday takes a new 
job, he faces unexpected chal- 
lenges — and revisits old ones. 


Page 36 
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Outlook: Grid com- 
puting technologies 
can work miracles in 
scientific and acade- 
mic niches, but sup- 
port for mainstream 
commercial applica- 
tions is still evolving. 


By Gary H. Anthes 


PHILIP ANDERSON 





HEN NOVARTIS AG need- 
ed extra processing 
power, the pharmaceuti- 
cal giant found it — 

5 trillion floating-point 
operations per second of unused ca- 
pacity, to be precise — in 2,700 desk- 
top PCs at its headquarters in Basel, 
Switzerland. The company lashed the 


| PCs together in a compute grid that it 
| now uses to run number-crunching 


supercomputer applications that mod- 
el the interactions between proteins 
and other chemicals that might be 
used in drugs. 

“The grid has opened up 
a number of opportunities 
for us which were just not 
there before,” says Manuel 
Peitsch, head of informatics 
and knowledge management at sub- 
sidiary Novartis Research. “People 
couldn’t imagine doing the things that 
we are doing today on a routine basis.” 

The Novartis drug research software 
is loaded onto the desktops by way of a 


| server running Grid MetaProcessor 


software from United Devices Inc. in 
Austin. By investing $400,000 in grid 
technology, Novartis avoided spending 
$2 million on a new Linux cluster. 

The Novartis success story is far 
from unique. Drug companies, univer- 
sity computation centers, product de- 
velopment and engineering depart- 
ments, federally funded research con- 
sortia and a few financial services 
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| firms have set up computer grids. 


They report big savings in hardware 


| costs and sometimes productivity im- 
| provements as well. 


Grids consist of geographically dis- 
persed computers linked dynamically 
in order to present to users a unified 
view of computational resources such 
as compute cycles, disk space, software 


| or data. There are intracompany grids, 


such as the one at Novartis, and part- 


nership grids, such as the National Sci- 


ence Foundation-sponsored TeraGrid. 
Utility grids, which proponents say 


| could provide unlimited on-demand 


access to computer resources in much 


| ; ; 
the same way the U.S. electric power 


grid provides on-demand access to 
electricity, are a dream of companies 
such as IBM and Hewlett-Packard Co. 


| However, they don’t yet exist. 


| Grid Limits 


Today, most grid applications share 
three characteristics. First, they are 
computationally intensive. Second, 
most are written for parallel or massive- 
ly parallel execution. Third, like the 
Novartis grid, most are built to harvest 


| unused compute cycles. Some, however, 


focus on getting at distrib- 
uted data or disk resources. 

Although IT vendors 
tout grids for all kinds of 
applications, grids have 
barely begun to move be- 
yond scientific, engineering and mathe- 
matical/statistical applications. One rea- 
son is that most business applications 
weren't written with parallel processing 
in mind, so they’re less able to take ad- 
vantage of the many semi-independent 
processors that form grids. 

“Parallelizing these applications is a 
major rewrite,” says Carl Greiner, an 
analyst at Meta Group Inc. in Stam- 
ford, Conn. “That’s why grids are hav- 
ing a difficult time in the commercial 
space.” It will be five years before ap- 
plications such as supply chain sys- 
tems become suitable for grid comput- 
ing, he predicts. 

Another impediment is that tools for 
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Breaking Down the Application 


While traditional applications require a single processor to step through all tasks sequentially, compute grids speed 
processing by breaking the task into smaller jobs that can be processed in parallel. This makes grids ideal for applications 
such as simulations or drug testing. Some commercial business applications could also benefit, 
but most would need to be rewritten to take advantage of a grid architecture. 


monitoring usage, charging for usage 
and even ensuring security in grids 
aren’t well developed, Greiner says. 
The lack of such capabilities is espe- 
cially troublesome when a grid spans 
multiple departments or companies, 
he adds. In a survey of 50 companies 
sponsored by Platform Computing Inc., 
a developer of grid software in Mark- 
ham, Ontario, 89% of respondents cited 
organizational politics as a barrier to 
implementing grids. Objections in- 
cluded fear of losing control of IT re- 
sources — “server hugging” — and 
fear of a reduction in the IT budget. 
Ahmar Abbas, managing director of 
Grid Technology Partners in South 
Hadley, Mass., sums up the obstacles 
to more widespread adoption of grids 


Split 


@ 
@ 
@ 
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SOME PIONEERING USERS are expand- 
ing grid technologies beyond the appli- 
cation niches common today. 

Novartis uses grid tech- 
nology to tap unused desk- 
top compute power, but 
the $19 billion drug compa- 
ny is also looking for free 
storage on thousands of 
desktops, says Manuel 

G's __ Peitsch, head of informat- 
Manuel Peitsch ics and knowledge man- 
agement at Novartis Research. “People 
have 30GB or 40GB hard drives, but most 
of their data is out on the network,” he 
says. But you have to answer some hard 
questions before building a data grid. 

“How do you find the data when you 
need it? How does the performance com- 
pare to that of a storage-area network? 
What's the cost of doing distributed storage 
of that type vs. having almost diskless ma- 
chines and having storage centralized?” 
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this way: “You have to really under- 
stand your applications — Can I dis- 
tribute them?” But, Abbas says, ven- 
dors are helping users get applications 
grid-enabled. For example, IBM re- 
cently announced a new release of 
WebSphere Application Server that 
lets users bring a collection of servers 
into a grid to balance the workloads 
across several WebSphere applica- 
tions. A future enhancement will also 
support non-WebSphere applications 
in the grid, IBM says. 

Web services hold the key to grid 
computing for commercial applica- 
tions, Abbas says. “The way business 
applications will take advantage of the 
grid is through XML, UDDI, SOAP and 
WSDL. The Open Grid Services Archi- 


Peitsch asks. He says he’s also looking into 
the possibility of expanding the grid to areas 
outside of research, including CRM. 

At Purdue University, the 2,300-PC 
grid just harvests compute cycles. But 
David Moffett, associate vice president for 
research computing, says Purdue will work 
with United Devices to develop software to 
go after disk space on the desktop as well. 

But it's trickier to set up a grid for stor- 
age than it is to set up one for computing. 
“You have to have a network that can sup- 
port all that traffic,” Moffett says. And dis- 
tributed storage requires addressing tough 
issues of security, data replication and ma- 
chine availability and reliability, he adds. 

Nevertheless, Moffett says he’s commit- 
ted to a growing exploitation of grids. “My 
staff gets annoyed with me for trying to 
steal cycles from anything with a CPU in it,” 
he says. “If the Coke machine had an Ether- 
net jack, we'd be stealing cycles from it.” 

- Gary H. Anthes 
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tecture [standard] takes all the capabil- 
ities that grid can offer and makes 

them appear in the same nomenclature 
as a Web services application,” he says. 

Considerable work on grid standards 
is now under way among vendors, 
users and researchers. But many appli- 
cations don’t yet conform to the stan- 
dards, and even some grid product ven- 
dors say the standards aren’t mature 
enough for commercial applications. 

While commercial applications aren’t 
yet ready, traditional grid applications 
continue to grow. Researchers at Purdue 
University in West Lafayette, Ind., have 
a hierarchy of distributed computing 
resources, with supercomputing at the 
top, six 48-node Intel/Linux clusters in 
the middle and a 2,300-PC grid run- 
ning on United Devices software at the 
bottom. The goal, says David Moffett, 
associate vice president for research 
computing, is to move jobs down the 
hierarchy, where computing is cheaper. 

“T have very high hopes that we can 
move the whole stream of jobs out of 
the cluster space down into the United 
Devices space,” Moffett says. Although 
the PC grid requires a United Devices 
software license and two dedicated 
grid servers, “those are close to free 
cycles,” he says. 

Moffett plans to expand the grid to 
include PCs in faculty and administra- 
tive offices. And he says he’ll make the 
compute cycles on research computers 
that have been freed up by the existing 
PC grid available to business applica- 
tions. “We’ve cleared off enough re- 
sources high in that stack that they will 
run up there,” he says. @ 41610 


GRID BUILDING BLOCKS 


These standards guide grid system development: 


QuickLink 41613 
www.computerworld.com 





SOURCE: NOVARTIS AG 


Burlington, 

@ Avaki's Data Grid goes after structured 
and unstructured data distributed across 
departments, locations and companies. 
Unlike a data warehouse, where informa- 
tion is copied from various sources into a 
central repository, Data Grid allows the data 
to stay in place and gives applications a 
data catalog with a unified and secure view 
of the grid. 


wee eee Own ween ene 


New York 

= DataSynapse’s GridServer is targeted 
at data- and compute-intensive financial 
services, energy, and government applica- 
tions running on Linux, Unix or Windows. It 
seeks to transform the middle-tier infra- 
structure, just as J2EE application servers 
have accelerated and standardized applica- 
tion integration. 


framework for grids running real-time data- 
form LSF and JobScheduler are for batch 
agement across a grid. The company also 
offers a version of The Globus Alliance's 
Globus Toolkit. 


platforms so that users can run both Linux 
and Windows applications on them. 
~ Gary H. Anthes 





“ Thank you NCF for helping us find 
new options for our used technology.” 


— Dave Smith 
VP Technical Services 
CompuComSystems, Inc. 


Moving ahead with a vision of technology re-use. 


Every day, throughout the U.S. and around the globe, 


the National Cristina Foundation is putting donations 
of used and obsolete computer equipment to work— 
at no charge to donors or recipients—helping train 
people with disabilities, students at risk and those who 
are disadvantaged to become more inde nt and 


productive in their lives. 


Go to www.cristina.org or call us for easy disposal 
of your used or obsolete computer technology. 


* No charge to donors or to recipients for our service 


* Provides logistical support that eliminates transfer 


costs and reduces storage costs 


¢ Assures that all organizations that receive donations 


through our process are pre-screened for eligibility 


¢ Customizes your philanthropic efforts in the 


communities in which you conduct business 


¢ Provides records to support your tax deductions 


Cristina 
Foundation 


LINKING LIFE TO ITS PROMISE 


500 West Putnam Avenue, Greenwich CT 06830 
Tel: (203) 863-9100 » Fax: (203) 863-9230 
Email: ncf@cristina.org > www.cristina.org 


A non-profit foundation dedicated to the support 
of training through donated technology. 


Donate Today at www. cristina.org 
| Machines You Can Write Off. People You Can'‘t. 
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BREAKS INTO THE 
DATA CENTER 


Once dismissed as inadequate for high transaction vol- 
umes, the open-source database's improved performance 
and low cost are winning new converts — and shaking up 
the status quo in the database world. BY MARK HALL 





www.computerworld.com 


YSQL INFURIATED a janitor one 
night in the New York headquar- 
ters of The Associated Press. Be- 
cause of a successful adoption of 
the open-source database, the IT 
staffers there figured they no 
longer needed their DB2 manuals. 
So they dumped them all in the trash. 

“He looked at the manuals, and there were stacks 
of them, got angry, said he’d come back for them lat- 
er and stormed out,” recalls Michael Welch, a data- 
base consultant on the project. “All because of 
MySQL.” 

MySQL is also upsetting the entire database mar- 
ket. Charles Garry, an analyst at Meta Group Inc. in 
Stamford, Conn., hails it as “a disruptive technology” 
that’s commoditizing databases — so much so, he 
says, that “the future of the database market will be 
the standardization on MySQL.” 

Strong words, but adherents of the open-source 
database are passionate supporters, and they num- 
ber in the millions. These users are drawn to it be- 
cause it offers high performance, ease of use and a 
feature set broad enough to handle most of their 
database development needs. And it’s cheap. 

Indeed, MySQL’s low cost never fails to come up 
in conversation with users. Mark Cotner, manager of 
network application development at Cox Communi- 
cations Inc. in Atlanta, points out that his MySQL- 
based application cost less than $90,000 from soup 
to nuts, including the Intel-based servers, program- 
ming time and the approximately $4,000 annual li- 
cense and support payments to MySQL AB, the Upp- 
sala, Sweden-based company that oversees the de- 
velopment and distribution of the open-source data- 
base. An Oracle database license for the project 
would have totaled $300,000 by itself, he says. 

Cotner is far from the only person with a MySQL 
money-saving story. Another is Dwight Clark, an IT 
specialist and systems analyst for the Marshall Space 
Flight Center Procurement Office at NASA. He says 
the NASA Acquisition Internet Service (NAIS) mi- 
grated an Oracle database to MySQL because a price 
restructuring by Oracle Corp. meant the licensing 
costs alone for a simple upgrade would be “more 
than twice the NAIS annual budget.” 


Fast and Easy 


But free source code and inexpensive licensing 
aren’t the only reasons why users sing MySQL’s 
praises. Performance also rises to the top of the list. 

Cotner says that the 700GB data warehouse he 
built “is very, very fast.” The application atop the 
database gathers monitoring information via Simple 
Network Management Protocol on Cox’s 1.2 million 
cable modems in the field. With it, Cox is now able 
to supply critical service data to analysts and techni- 
cal support staff. 

“The most expensive part of running a cable com- 
pany is managing the last mile,” he says. “So if we 
can do that more intelligently, we can save the com- 
pany money and improve customer satisfaction.” 

Terry Ewing, senior systems manager at AP, says 
his company’s MySQL application hosts 600 Web 
sites for affiliated newspapers across the U.S. Every 
day, hundreds of national and world news stories are 
filed and stored on a Sun Solaris 420 server, and 
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Benefit From the Most Comprehensive Program 


No other storage event gives you a program so rich with experiences - whether they're 
industry and pre-certification primers, general sessions, tutorials, opportunities to see tech- 
nologies at work ... or the rare chance to talk to the very engineers that make them work. 


Easily Navigate an Agenda Packed with Choices and 
Learning Experiences 


No other storage event provides an agenda woven with so many logical choices - choic- 


es that allow you to tailor your valuable time to your very specific needs. (See the full 
agenda at www.snwusa.com.) 


Get an Education Endorsed by the SNIA 


No other storage event offers a learning experience developed and sanctioned by the indus- 


try's most influential storage association - highlighted by the SNIA-delivered technical tutorials. 


Meet Experts and Shop in the Largest Available Storage- 
specific Solution Mall 


No other storage event allows you to see all the players and solution providers in one 
place. It’s literally your one-stop “solution mall.” 


For more in 


= _, SAW lab qeaak apaed inte siaie ae 
farm about the atest technology in storage. ‘* 


osc 
National Semmconducter 


opportunity ... 
‘Tham he abby oak pone aloha 





Options for IT End-Users* 
General | Conference Package (Oct. 28, 29) 


essions, Expo, Meals and Receptions) 


Tota 4-day Package (Oct. 27, 28, 29, 30): 


3 General Conference Package: Technical and Business Tracks; SNIA-produced Tutorials: Pre-cettfication Refresher Courses) 


Registration Rates 


Options for IT Vendors** 
Total 4- re dese = 27, 28, 29,3 


Exhibiting Vendor Packa 


* IT End-Users are defined as those who are attending Storage Networking World with an intent (and an [T spending budget) to potentially buy/purchase 
development 


hardware/software/services/etc. from our conference sponsors and exhibitors. As such, account representati from any compa- 
ny, analysts, venture capitalists, and anyone else attending who does not have IT purchasing influence within their organization are excluded from the “IT 
End-User” designation. Enforcement of this interpretation and policy is at the sole discretion of Computerworld. Questions? Please call 1-800-883-9090. 


** Vendors are encouraged to participate at Storage Networking World through sponsorship. (Details are available by calling Ann Harris at 1-508- 
820-8667.) Alternatively, vendors (as well as venture capitalists, equity analysts, and other “non-IT end-user” professionals as defined by 
Computerworld), may apply for registration at the “non-sponsoring vendor” rate. Determination of what constitutes a “non-sponsoring vendor” 
registration is at the sole discretion of Computerworld. You will also be required to adhere to our non-solicitation policy posted on-site. 


mation and to register, visit www. snwusa. .com/print or call 1-800-883-9090 (1-508-820-8159) 


“... SNW is the premier event for storage issues and 
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newspapers host their own local stories elsewhere. 
The news pieces are updated regularly and linked in 
packages, such as one for Iraq, where a recent sui- 
cide bombing story was updated 17 times in one day. 

In addition to the constant churn of data stored, 
the database includes all the multimedia files at- 
tached to each story. Readers of 600 online newspa- 
pers search through the database, find stories and 
their attendant multimedia files and swiftly pull 
them down to their PCs, Ewing says. “The perfor- 
mance is very good,” he adds. 

End users aren’t the only ones who benefit from 
faster speed: Administrators have also noticed a dif- 
ference. 

For example, Ewing says it used to take two days to 
run a replication of AP’s DB2 database. With MySQL, 
the process lasted a mere two hours. 

NASA's Clark compared MySQL’s performance 
against Oracle’s for his application, and it averaged 
28% faster during the battery of tests he hammered 
it with. He adds that unlike competing products, 
“MySQL was not a machine resources hog.” 

The leanness and speed of MySQL comes from its 
straightforward design. In MySQL, every database 
exists as a separate directory and contains three files: 
one for the structure or schema of the database, an- 
other for data and one for the index. That’s it. 

The database is also easy to administer. For exam- 
ple, users say data migration is a snap because ad- 
ministrators simply move their data directories into 
MySQL. 


Clark says switching NASA's application from Ora- | 


cle was a breeze. “To switch to MySQL, we only had 
to install the MySQL database driver module and 
change the connect call to the database interface 
module,” he explains. “Once this was done, we liter- 
ally had to change approximately one line of code 
out of 15,000 lines to begin using MySQL in our first 
application.” 

Cotner says, “I don’t claim to be a database admin- 
istrator, but I find it easy to administer from the com- 
mand line.” 


Not Perfect 


However, that command-line approach troubles Jay 
Nickson, a consultant at Ronin Software Group in 
New York. Although he likes and uses MySQL, Nick- 
son thinks the vast majority of Windows profession- 
als will bypass its cost-effective capabilities because 
MySQL isn’t intuitive to them and lacks documenta- 
tion useful to Windows administrators. He says 70% 
of MySQL’s utilities aren’t documented. 

Ewing, however, doesn’t see that as a problem be- 
cause the open-source development community 
that’s behind MySQL “is more vocal, more helpful 
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and more diverse” than users of other databases. 

Welch, who consults at AP through Bangstate Inc. 
in Brooklyn, N-Y., says finding answers to questions 
about MySQL was easy. “Just about every question 
we had was Googled,” he says. 

More important, Welch says, is that unlike the 
technical writers who crank out the manuals for 
DB2, Oracle and SQL Server “but don’t use the sys- 
tem, we were getting answers from people who actu- 
ally use it.” 

Still, Nickson says that MySQL AB’s management 
and technical staff need to put more emphasis on 
documentation to break into the broader, more lucra- 
tive Windows market. 

Another fault with MySQL, some say, is its youth. 

Tom Rizzo, group product manager for SQL Server 
at Microsoft Corp., dismisses MySQL as “technically 
immature” and claims that “it’s not very good in a 
high-transaction environment.” 

And Stamford, Conn.-based Gartner Inc. chided 


| MySQL in a report, saying it lacked “high-end capa- 


bilities” such as support for storage procedures, a set 
of compiled SQL statements with one name that can 
be invoked by different programs for greater effi- 


| ciency. Gartner contends that MySQL needs another 


five to 10 years to mature. 

And even some happy users want more from 
MySQL. “Having stored procedure calls would be 
OK,” says Cotner. 

Marteen Mikos, president of MySQL, acknowl- 
edges that early releases of the database were weak 
in high-volume transactional applications. But he 
claims that the current Release 4.0 is competitive 
with other databases for transaction performance. 
And, Mikos says, stored procedure calls will be 
added when Release 5.0 arrives next year. 


ments might also skip MySQL, because it’s not the 
best choice for a database on an eight- or 16-proces- 
sor Unix machine. 


EXECUTIVES AT MYSQL AB might be running out of ink 
in their pens from all the agreements they've signed with 
major industry players for the open-source database. 

This summer, the company signed a deal to ship 
MySQL 4.0 with Novell Inc.'s NetWare 6.5. Each ver- 
sion of NetWare comes with a full commercial license 
of the database, so users need not worry about the is- 
sues surrounding open-source General Public License 
agreements [QuickLink 31574). 

In the spring, SAP AG selected MySQL to complete- 
ly revise the database shipped with every copy of the 
SAP ERP application suite [QuickLink 38764] 

According to Rudolf Munz, senior vice president for 
development platforms at SAP, the two companies will 
jointly develop an open-source database to replace 
SAP's existing one. 

“We have a simple, strategic goal,” he says. “Infra- 
structure, like databases, should be as inexpensive as 





Database on the Cheap 


MySQL AB’s software costs $440 per server. The MySQL 
source code can be downloaded for free. Here’s alook at the 
costs of competing products, which are priced per processor. 


| Oracle 


STANDARD EDITION 


| ERR 515,000 


| ENTERPRISE EDITION 


| $40,000 


IBMDB2 


WORKGROUP 


| MB $7500 


ENTERPRISE EDITION 


$25,000 


| Microsoft SQL Server 


STANDARD EDITION 


WB $4999 


ENTERPRISE EDITION 


$19,999 


But Meta’s Garry doesn’t think that drawback will 
stop the database’s momentum in the market. “More 


| than 60% of all databases run on servers with four 


processors or less,” he says. 
Yet, despite MySQL’s progress in the market, 


| “we haven't found very much MySQL out there,” says 
Users who have high-end, multiprocessor environ- | 


Microsoft’s Rizzo. 
“That’s the best news I could have,” retorts Mikos. 


“As long as Microsoft is in denial, we’re fine.” 


| @ 41750 


Vendors Make 


MySQL Deals 


: possible so users have the budget to buy as many SAP 
: applications as possible. Infrastructure has no value for 
: customers. Only applications do.” The new database 


will be called maxDB and be available in the next two 


> to three years. 


Also, MySQL and Redmond, Wash.-based start-up 
Pogo Linux Inc. agreed to work together to develop the 


first MySQL database appliance. And Sun Microsys- 
: tems Inc. ships MySQL as standard with its Sun ONE 
: Active Server Pages product and as the only database 
: Option for its Sun Fire servers. 


According to MySQL President Marteen Mikos, who 


: moved to California this year to handle the increased 


business in the U.S. and to be closer to investors who 
poured nearly $20 million into the company this sum- 


: mer, “2003 has been a good year. Next year, | hope, 
: will be better.” 


~ Mark Hall 





Got a storage solution 


Nominate it for the Storage Networking World 
“Best Practices in Storage Awards Program!” 


Storage Networking World (SNW), in conjunction with Computerworld and the Storage 
“sonra Networking Industry Association (SNIA) is seeking IT user-organization case study 


STORAGE | | submissions for consideration and recognition. 

se This program will evaluate, select and recognize ten Storage Technology “Best Practices” 

PR ACTI CE S I N based on case studies highlighting successful or noteworthy solution implementation 
projects and deployments in the following categories: 


STOR AGE ¢ Systems Implementation 


AWARDS PROGRAM ¢ Storage Reliability and Data Recovery 
| <= ¢ Data Lifecycle Management 
COMPUTERWORLD 
| “ ¢ Industry Regulation Compliance and Corporate Governance 
; ' ¢ Innovation and Promise 





Nominations are welcomed from IT Users/Implementers; Systems Integrators/Consultants; IT vendors on behalf of customers, or, 
their own In-House Deployment; and PR firms on behalf of clients. Multiple submissions of case studies describing different deployments 
per company/organization will be considered. 


Winners will be featured in a Computerworld special advertising supplement profiling the company and submitted case study. 


Submit your nomination today! The deadline is Wednesday, October 15th at 9:00pm Eastern time. 
Complete the nomination form at: computerworld.com/bestinstorage 


CUSTOM PRODUCED BY: ENDORSED BY: AWARDS PROGRAM EXCLUSIVELY SPONSORED BY: 
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& where information lives 
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Megabit Mobile 


Coming at last. Plus, 
integrated Wi-Fi. 
By Bob Brewin 


HE DEVELOPMENT Of wireless 
data services over the next 
five years will seem revolu- 
tionary compared with the 
snail’s pace that marked the 
technology’s early history. 
Cellular service remained primarily 
a voice-only medium until 1992, when 
cellular carriers developed a TCP/IP 
system with a maximum data 
rate of 19.2Kbit/sec. Rates re- 
mained at that level until last 


2.5G (two-and-a-half-genera- 
tion) technology that approxi- 
mated dial-up modem speeds of 
56Kbit/sec. 

Early last year, companies that oper- 
ate on the Code Division Multiple Ac- 
cess protocol upgraded their networks 
to offer users average throughput of 
50K to 70Kbit/sec. At the same time, 
cellular companies that operate on the 
Global System for Mobile Communica- 
tions standard beefed up their systems 
to provide average data rates of 20K to 
40Kbit/sec. 

Thanks to massive investments to 
get these modest improvements — 
AT&T Wireless Services Inc. alone 
will spend $14 billion on cellular from 
2000 through the end of this year — 
wireless networks are now poised to 
move toward 2Mbit/sec. 


Wi-Fi on the March 


ada U ces OPM ee 
dard with data rates up to 
Pa ie a eal 


year, when carriers introduced WATCH@ 


802.11b standard approved for 
TIMbit/sec. in 2.4-GHz band, 
and 802.11a approved for 
54Mbit/sec. in 5GHz band. Ap- 
ple introduces‘the first comput- 
er with built-in 802.11b Wi-Fi. 


FUTURE 


First 802.11a 
EL ERS oe 


ITU establishes globally harmo- 
nized frequencies in 5-GHz 
band for 802.11a; IEEE approves 
the 802.11g standard for 
54Mbit/sec. in 2.4-GHz ban 
31,000 Wi-Fi “hot spots” exist. 


Shiv Bakhshi, an analyst at IDC in 
Framingham, Mass., predicts that by 
2006 or 2007, all mobile carriers in the 
USS. will offer “near ubiquitous” ser- 
vice at peak data rates of 2Mbit/sec. 

Margaret Marino, vice president of 
technology development at AT&T 
Wireless, says AT&T plans to offer 
384Kbit/sec. speeds throughout its 
network by the end of this year and 
2Mbit/sec. maximum speeds in four 
markets by the end of next year. 

Verizon Wireless and Sprint PCS 
Group plan to offer data rates that 
peak at 2.4Mbit/sec., with average 
throughput between 400Kbit/sec. 
and IMbit/sec. 
tL Tero Ojanpera, head of re- 
search at Nokia Corp. in Es- 
poo, Finland, says wide band- 
width could in five years real- 
ize a dream the industry has 
chased since the 1939 New 
York World’s Fair: a video phone the 
same size as today’s mobile phones. 

Len Barlik, vice president of technol- 
ogy research at Sprint Corp., says 
broadband mobile networks and ad- 
vanced handsets would provide users 
with all the processing power and ca- 
pabilities of a desktop terminal con- 
nected to an office LAN. That would 
allow enterprise users to move beyond 
e-mail and download fat attachments 
such as PowerPoint slides or Adobe 
Acrobat files directly to their handsets. 

The carriers also say they'll incorpo- 
rate Wi-Fi wireless LAN technology 
into their networks and access devices 
in order to accommodate interfaces 
with both enterprise Wi-Fi networks 
and public-access Wi-Fi hot spots. 








Major carriers plan to intro- 
Geem i caele lcm) Neg 
Naan ecm eat lii Ce 


Sma 
Re eee ge oem) 
grow to 135,000; 
integrated cellular/ 
VoIP Wi-Fi phones 
Melt Looe 


| bandwidth Wi-Fi hot spots 





Originally envisioned as a wireless 
extension of the office LAN, Wi-Fi 
caught the attention of wireless carri- 
ers in 2000, when companies such as 
Wayport Inc. in Austin 
started to install short- 
range (100-ft.) but high- 


MORE ONLINE 


For a timeline of wireless 
communications, visit 

@ QuickLink 41754 
www.computerworld.com 


in airports and hotels. 
Datamonitor PLC, a re- 
search firm in London, pre- 
dicts that the number of Wi-Fi hot 
spots will explode from 31,000 at the 


| end of this year to 135,000 by the end 


of 2006. Wi-Fi hot spots are expected 
to continue to penetrate the lodging 
and dining markets and extend into 
other venues, such as service in trains, 
planes, ferries and gas stations. 


The Wi-Fi Connection 


Ron Adkins, general manager of IBM’s 
pervasive and wireless computing divi- 
sion, foresees the development of a 
Wi-Fi-enabled car that will use both 
Wi-Fi and cellular technologies to 
monitor onboard systems and to 
download data and music files from a 


home network. Wi-Fi under the hood 
will save on expensive copper wiring. 

Chris Kozup, an analyst at Meta 
Group Inc., says that over the long 
haul, cellular carriers will dominate 
over Wi-Fi-only network operators as 
the carriers integrate Wi-Fi into their 
networks. This means a company 
could tap one carrier for all its wireless 
services, with charges for hot-spot and 
mobile connections all on one biil. 

Kozup predicts that multimode 
phones will eventually 
serve as the entry point into 
enterprise voice networks 
through a voice-over-IP 
connection on corporate 
wireless LANs. 

Mark Whitton, vice presi- 
dent for business and technology strat- 
egy at Nortel Networks Ltd., says the 
convergence of Wi-Fi and mobile net- 


works requires the development of 
smart phones and handheld computers 
that can “sense” networks and their 


| characteristics and then make a net- 


work choice based on user preferences 
such as bandwidth, cost and the avail- 
ability of Wi-Fi or mobile service. 
“The average Joe does not know or 
care what kind of wireless network he 
is using,” Whitton says. The user needs 


software and devices — which Nortel 


is working on — that can make intelli- 


| gent choices for the user, he says. 


@ 41661 


Middleware. 
It’s at the mall. 
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New Job Brin 


Back Old Problems 


Without the right tools, a smart, dedicated 
security team is left running in circles. 


By Vince Tuesday 


T 10 A.M., the boss 

called the entire IT 

security team into 

a meeting room, but 
without the line manager. He 
said that the line manager had 
been sacked. 

There had been no warn- 
ing, just an empty desk when 
the team came in that morn- 
ing. The situation got worse 
when the boss informed 
everyone that a new 
line manager had 
been selected and 
would be starting to- 
morrow. A manager 


and hadn’t been in- 
volved in hiring? 
This didn’t look good. 

That scenario wasn’t pre- 
sented to me, however. I am 
the new line manager. I’ve 
changed jobs and been 
dropped into a shocked and 
surprised security group. I’m 
now at a much larger global 
finance organization. It’s a 
step up for me, so I am very 
happy, but I worried a little 
at first about how the team 
would react. 

It was a shame to say good- 
bye to my old place, but I'd 
been there for many years and 
was starting to get stuck ina 
rut. So I’ve jumped for a new 
challenge. 


Far From Perfect 


I spent my first week getting 
to know everyone in the de- 
partment, which has had six 
managers in the past few 
years. I don’t know why there 
has been such high turnover, 
but poor morale and a lack of 
strategy might explain it. 

I'd heard that things were 
far from perfect before I ar- 
rived, but I’m confident that 





SECURITY 
MANAGER'S 
they hadn’t even met JOURNAL ee 


—— 





I can make a difference. 

I wonder if my predecessors 
said the same thing? 

My getting-acquainted peri- 
od ended abruptly on Day 2, 


| when we had a virus outbreak. 
| A virus that spread between 
| computers on our network 


had affected some develop- 
ment systems. It was shocking 


| to see the limited tools that 


my new staff had at their dis- 
posal. Nonetheless, 
they knew what they 
were doing and 
dealt with the inci- 
dent effectively us- 
ing what they had. 
To find infected 
machines, they had 


| to scan computers for the 


changes that the virus made 


| and then disconnect those sys- 
| tems from the network. They 
| had no way of detecting the 


virus’ attempts to spread, so 
by the time they found each 
infected machine — a 30- 
minute process — the virus 
had often infected others. 
Their efforts kept the virus 
from exploding onto hun- 


| dreds of systems, but they 


In our first video- 
conference team 
meetings... | 
asked some very 
simple questions. 
... 1d expected the 
staff to... tell me 
their strategy, but 
none exists. 





could have cleaned it up 
faster if tools were available 


| to detect and report infection 


attempts. I'll be working hard 
to get the staff those tools. 


The Agenda 


My most important task will 
be to lift the staff’s sights from 
the next urgent interruption to 
a longer-term view so they 


| can build an approach that de- 


fends against future threats. 
That means I must free up 
their time by clearing away 
tasks the staff now does every 
day that add no value. For 
example, every time a staff 
member requests access to a 


| blocked Web site, we must 


approve it. The requests are 
always urgent and interrupt 
whatever we’re doing, but 
most are for the same kind of 
things. I’m trying to set up a 
process where those requests 
are routed to the IT support 
group and we just review the 
decisions once a month. 

The biggest change for me 
is that I now manage a global 
security team. I have people 
in Europe, the U.S. and the 
Asia-Pacific region. I’ll be 


| racking up frequent flier 


miles and learning about cul- 
tural differences. And we'll 
fly everyone in for an annual 
meeting, where we hope to 
resolve the security team’s 
most enticing debate: where 
in the world one can find the 
best curry. 

It is shocking how global 
security teams can operate un- 
structured in huge companies. 
In our first videoconference 
team meetings (held very ear- 
ly to accommodate every time 
zone), I asked some very sim- 
ple questions. What do we do? 
Why do we do it? What should 
we do next? What is the differ- 
ence between us and the au- 
diting department? I'd expect- 
ed the staff to point me at a 
strategy document or at least 


to tell me their strategy, but 
none exists. 

They also have no technical 
architecture target and no 
documentation of what they 
do now. If you don’t know 
where you are now and you 
don’t know where you want to 
be, the only way you end up 
| making the right decisions is 
if you're very lucky. It also is 
very hard to convince regula- 
tors, auditors or senior man- 
| agement that you are doing 
the right things, or to explain 
why the next tool or service is 
required if it doesn’t fit into an 
overall plan. 

I suppose I should be grate- 
ful that I can deliver a few 
quick wins by putting these 
plans in place, but it’s a little 
disturbing that we appear to 
be running without them. I’m 
carefully not asking too much 
about my predecessor’s work, 
since I don’t want to linger on 
the past. But I do wonder why 
a plan hadn’t been thought out 
and documented. 

I was also thrown off by 
the company culture. Every- 
one works hard, but they also 
know how to let their hair 
down. The boss took us out to 
a welcome lunch and had to 
rush back to the office before 
the bill arrived. He happily 
just gave me his credit card 
and told me to sign on his be- 
half when the bill came. I was 
a little nervous that I might be 
committing credit card fraud, 
but I certainly didn’t want to 
question my boss. Fortunately, 
the restaurant gladly accepted 
my signature. 

So far, I seem to be winning 
the respect of the team. I’ve 
been here three weeks and 
other groups have already 
| remarked on the improve- 
ment in the group’s morale. 

I must be doing some things 
right — or at least doing them 
wrong in a different way from 
the last fellow. D 


WHAT DO YOU THINK? 


This week's journal is written by a real 
security manager, “Vince Tuesday,” whose 
name and employer have been disguised 
for obvious reasons. Contact him at vince. 
tuesday@hushmail.com, or join the dis- 
cussion in our forum. QuickLink a1590 


To find a complete archive of our 
Security Manager's Journals, go online to 
@ computerworid.com/secjournal 
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ciate exam. It also includes a 
cut-down version of Boson 
Software Inc.’s NetSim prac- 
tice test software on CD-ROM. 
Netsim lets you practice the 
network skills you learn from 
the books on a virtual network 
on your PC. 

The books are clear, and 
they cover every key concept 
in depth. Although focused on 
Cisco Systems Inc. products, 
the skills learned are universal 
to networking - and critical for 
anyone serious about security. 

There are many books on 
the market to prepare you for 
exams. Some are so focused 
on helping you cram for the 
exam that they aren’t useful 
for anything else. I haven't 
taken my CCNA exam yet, so 
we'll have to see how useful 
this book is in that regard. As 
areference, it’s top notch. 

~- Vince Tuesday 


NCipher Introduces 
Security Module 
NCipher PLC, a Cambridge, 


England-based vendor of 
cryptographic security man- 





lronic how it takes the cutting edge 
technology of 2003 to access the 
cutting edge technology of 1973. 


myEXTRA!™ Smart Connectors let you leverage your existing legacy data and logic. 


“Cutting edge” doesn’t cut it. You need products 
that do what they say they will do. This is what 
we say: Our myEXTRA! Smart Connectors give you 
XML-based Web services — they let you get at legacy 
information without changing host applications. 
You can put all of the business data and applica- 
tions locked up in mainframes to new use in hours 
or days, not weeks or months. We've spent the last 
18 years making legacy data more useful. Smart 
Connectors are the logical next step, making data 


easier to get at. 


Find out more. Download our free White Paper 
“Leveraging Legacy Applications to Serve New 
Business Initiatives” at www.attachmate.com/SC7. 


attachmate 





And the Winners are... 


Computerworld’s “Best Practices in Mobile 
& Wireless Awards Program” results announced! 


Mobi a8 BIRR 


MWS S§ PRACTICES 
World FRIWe)si83 
ae & WIRELESS 


Cy AWARDS PROGRAM 


Program Categories and Results: 
SYSTEMS IMPLEMENTATION 





U.S. Army's Program Management Office -Combat Systems 
Putnam Investments 
Cox Communications 


SYSTEMS RELIABILITY 





Guidant Corp. 
Motorola Inc. 
Pitney Bowes 


INFORMATION SECURITY 





INTEGRIS Health Inc. 
Los Alamos National Laboratory 
US Military Academy, West Point 


FINANCIAL PAYBACK 





Burlington Northern Santa Fe Railway Co. 
Ford Motor Company 
Net IQ 


INNOVATION AND PROMISE 





London Ambulance Service 
University Health Network 
UPS 





_ Challenges, solutions 


and benefits highlighted 
in award-winning 
technology deployment 


| case studies 


¢ See profiles of 10 winners in a special supplement 
in Computerworld’s October 20th Mobile & Wireless 
Knowledge Center issue 


¢ Find awards program information at 


www.mwwusa.com 


¢ Attend the Mobile & Wireless World Conference, 
May 24-27, 2004 in Palm Desert, California 
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NICHOLAS PETRELEY 


* un | 
Microsystems 
On the 


UN MICROSYSTEMS enters the office of 
noted therapist Dr. Sickmund Fraud and 
lies down on the couch. “Doc, I think ’m 
having an identity crisis,” Sun confides. 
Dr. Fraud: Well, they say recognizing the 
problem is the first step toward addressing the prob- 
lem. So how long have you had this problem? 


Sun: What problem? 


Dr. Fraud: Ah, I see. I think it might be helpful to try 
hypnosis. Watch the watch as it swings. You are get- 
ting sleepy. Your eyelids are getting heavy. You are 
entering a deep sleep. You are in a deep, deep... 


Sun: ... slump. 

Dr. Fraud: Good, now tell 
me about yourself. 

Sun: I am a hardware 
company; I own a man- 
sion and a yacht. 

Dr. Fraud: And how did 
you get this mansion und 
yacht? 

Sun: I sold Sparc 
servers during the dot- 
com boom. They run So- 
laris, the best operating 
system for business. 

Dr. Fraud: I see. And why 
is this Solaris the ideal 
operating system for the business? 

Sun: I didn’t say that. Linux is the 
ideal platform for businesses look- 
ing for cost-effective and powerful 
edge-networking solutions, like my 
Web site says. 

Dr. Fraud: So this Solaris is the 
legacy, and you are building your 
future on this Linux? 

Sun: Are you kidding? Linux is 
nothing more than a hobbyist op- 
erating system, built like a jalopy. 
Solaris is the future. 





| hardware company so obsessed 


TECHNOLOGY 


ouch 


Dr. Fraud: So this So- 
laris is the best, just not 
powerful? 

Sun: No, Solaris on 
my Sparc-based sys- 
tems is far more power- 
ful than Linux. 

Dr. Fraud: So what you 
are saying is that Linux 
is more cost-effective 
on x86. 

Sun: No, Solaris is es- 
sentially free on x86. 

Dr. Fraud: I think I 
understand. Solaris 
is ideal on Sparc, and 

Linux is ideal on x86. 

Sun: No, Solaris is ideal on 
x86, too. 

Dr. Fraud: Then this Linux is no 
good at all? 

Sun: Of course it’s good. Linux is 
the ideal platform for businesses 
looking for cost-effective and pow- 
erful edge-networking solutions, 
like my Web site says. 

Dr. Fraud: But you said before... 
ach, never mind. And why is a 


about the operating systems? 

Sun: I’m not a hardware compa- 
ny, I’m a software company fo- 
cused on Java. 

Dr. Fraud: Ah, now we are getting 
somewhere. I am speaking now 
with the software company, no? 
And do you also own a mansion 
und a yacht? 

Sun: No. I have a condo in east 
Newark and rent a rowboat now 
and then. 

Dr. Fraud: And being the software 
company, you focus on the java be- 
cause programmers drink java to 
work the long hours. ... 

Sun: No, Java is a product I sell. It 
used to be Oak. 

Dr. Fraud: So now you are a furni- 
ture company which used oak. And 
what is it you use now? Pine? 

Sun: No, but some of us use 
Balsa, since Pine is outdated as an 
e-mail program. Regardless, I’m 
talking about Java as in my latest 
project, the Sun Java Desktop. 

Dr. Fraud: I see. So this balsa-wood 
desktop furniture is what you sell 
now that the dot-com boom is over? 

Sun: No, the Sun Java Desktop 
is software. Java is a programming 
language and platform-neutral 
runtime. 
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Dr. Fraud: Ah, I see. So you make 
money because this Sun Java Desk- 
top software runs on the Sparc 
hardware, no? 

Sun: No. It runs on x86. 

Dr. Fraud: And you are using this 
superior Solaris on x86? 

Sun: No, the desktop runs Linux. 

Dr. Fraud: Ach, I see, but the desk- 
top is written in Java. 

Sun: No, it runs GNOME on 
Linux. 

Dr. Fraud: And why is it called the 
Java Desktop? 

Sun: Well, it does include the 
Java runtime. 

Dr. Fraud: Ach, I see. Well, the 
clock on the wall says that our 
time is up. (Snaps his fingers.) 
Wake up! 

Sun: So what’s the verdict, doc? 
Do I have a serious identity crisis? 

Dr. Fraud: No, I’m afraid you lack 
the one characteristic of those peo- 
ple with a crisis of identity. 

Sun: An identity? 

Dr. Fraud: Very good. And to 
which personality should I send 
the bill? @ 41853 
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Selling Security to the CFO — Offshore: The Third Time’s the Charm 

An ex-CI0O tells how to build a credible business case / Columnist Bart Perkins says the conditions are right 
for spending money on IT security, including ROI ; for the current wave of offshore IT outsourcing to be 
calculations that even the CFO will love. Page 46 more successful than the first two were. Page 48 








DILENIMA 


PEN an online bank ac- 

count, and you'll need to 

plug in your Social Secu- 

rity number for identifi- 

cation. Get your insur- 
ance information online? Same thing. 
The nine-digit SSN is the key that un- 
locks many doors — which is conve- 
nient for the consumer but also a 
tremendous privacy threat in a world 
where identity theft is the No. 1 form 
of consumer fraud. 

Hackers or identity thieves who get 
a person’s SSN can gain access to a 
huge amount of confidential data be- 
cause the SSN has been used in so 
many industries as a customer account 
or employee number. 

Identity theft has been rampant, vic- 
timizing 3.4% of American adults be- 
tween July 2002 and June 2003, accord- 
ing to Gartner Inc. in Stamford, Conn. 
Concerns about identity theft have led 
to state legislation to restrict the use of 
the SSN on ID cards or, in the case of 
California Senate Bill 1386, to prod 
businesses into beefing up security by 
making them liable for disclosures of 
private information. 

But Jim Hurley, an analyst at Boston- 
based Aberdeen Group Inc., says better 
security still won’t solve the problem. 

“No amount of electronic security 
is going to reduce the risk of having 
these SSNs — and their owners’ identi- 
ty data — stolen, fleeced, bartered and 
otherwise !ost to the Internet winds,” 
he wrote in a recent report. “When the 
breaches become public knowledge — 
and they will — publicity flames will 
be stoked high by the newly enacted 
California statute, Senate Bill 1386, and 
the litigation-for-pay industry.” 

Hurley says there’s only one alterna- 
tive: “Eliminate [the] use of Social 
Security numbers as digital identity 
credentials, before the house goes up 
in flames.” 

But it’s not that simple. After all, 
banks must still collect their customers’ 
SSNs in order to comply with Internal 
Revenue Service reporting regulations. 
Insurers also must sometimes store 

Continued on page 44 
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Continued from page 41 

SSNs or other identifiers, such as 
driver’s license numbers, for tax or un- 
derwriting purposes. And employers 
need to keep the SSNs of their workers 
for tax purposes, even if they’re not 
used as official employee identifiers. 


“You have to divide the problem into | 


two parts: those companies that must, 
because of U.S. regulatory require- 
ments, include SSNs in their data, and 
those that do not,” says Doug Lewis, 
who recently retired as CIO at Inter- 
Continental Hotels Group PLC. 

The hotel conglomerate’s Holiday 
Inn chain once used SSNs as the prime 
identifier for its Priority Club mem- 
bers, Lewis says. “Then they recog- 
nized the privacy issues and reissued 
the Priority Club cards without SSNs,” 
he says. “The conversion consisted of 
morphing the SSN to another number 
using a mathematical algorithm.” 

Other organizations are also dump- 
ing SSNs. For example, the Georgia In- 
stitute of Technology, Northwestern 
University, Ohio State University and 
the University of Illinois have all an- 
nounced moves away from using SSNs 
on student ID cards. A handful of 
states, including Arizona, New York, 
Rhode Island and Wisconsin, have en- 
acted laws to regulate colleges’ and 
universities’ use of SSNs. 


Here to Stay 
Some companies eliminated the use of 
SSNs as employee identifiers long ago. 


“When we went global, we had to issue | 


everyone new numbers because for- 
eign employees don’t have Social Secu- 
rity numbers,” says Suzanne Gordon, 
CIO at SAS Institute Inc. in Cary, N.C. 


“We haven’t used SSNs around here for | 


system access for 18 years.” 

But for banks and other financial 
institutions, SSNs will continue to be 
found in databases, whether or not 
they’re used as account numbers, so the 
security problem remains. “I’m more 
concerned about the risk of someone 
hacking into a database, because these 


State Action 


Maryland: A measure 
to restrict use of SSNs was 
referred for study. 


Arizona: The governor 
signed a bill modeled on Cali- 
fornia’s SB 1386. 


Georgia: Legislation was 
enacted that prohibits insurers 
from using SSNs on identifica- 


tion cards. to become law. 
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Armed with one’s SSN, an unscrupulous 
individual could obtain a person’s welfare 
benefits or Social Security benefits, order 


new checks at a new address on that person’s 
checking account, obtain credit cards, or even ob- 
tain the person’s paycheck. . . . Succinctly stated, 
the harm that can be inflicted from the disclosure 
of a SSN to an unscrupulous individual is alarming 
and potentially financially ruinous. 


GREIDINGER V. DAVIS, 1993, U.S. COURT OF APPEALS, FOURTH CIRCUIT 


institutions need to maintain the Social 
Security numbers of their customers,” 


| says Barry Thompson, a banking secu- 


rity consultant in Syracuse, N-Y. 
The health care industry, including 


| insurers, faces an even more profound 


dilemma. “The entire health system, 
from providers to hospitals to insurers, 
tracks people by their Social Security 
numbers,” says Kirk M. Herath, associ- 


| ate general counsel and chief privacy 


officer at Nationwide Insurance Cos. in 
Columbus, Ohio. “It might be more se- 


| cure if everyone generated a random 


number, but then we would have diffi- 


| culty talking to each other.” 


The insurer’s conundrum is com- 
pounded by California’s SB 1386. 
Among other things, the law requires 
companies to notify consumers if they 
have reason to believe that nonpublic 
information has been compromised. It 
also prohibits the use of SSNs on mail- 
ings, whether electronic or postal, a 
provision that directly hits insurance 
companies that use SSNs as customer 
IDs. SB 1386 covers any company with 
customers or employees in California. 

“When we came to grapple with SB 
1386, it forced us to look at the issue 
holistically,” says Herath. “We decided 
it made no sense to protect the Social 


| Security numbers of California resi- 


dents only, because they were inter- 


| mingled with other customers in our 


databases. We decided compliance was 


| to be national in scope.” 





Nationwide allowed each of its busi- 
ness units to tackle the problem as it 
saw fit. “Each system is a different ani- 
mal,” Herath explains. “Some removed, 
redacted or scrambled the Social Secu- 
rity number with an algorithm. Others 
generated numbers randomly.” 


Tougher Than Y2k 


But a more stringent approach to SSNs 
is being taken by Blue Cross and Blue 
Shield of Minnesota. “We are eradicat- 
ing them,” says John Ounjian, CIO at 
the Egan, Minn.-based health insur- 
ance association. “We are not merely 
doing it with our current membership 
but also with our historical databases.” 

This task has proved to be a good 
deal more complex than the Y2k con- 
version of a few years ago. “Y2k in- 
volved a field expansion. But member- 
ship numbers are built into the data- 
base design,” Ounjian explains. 

One option is to encrypt the SSN, but 
he says he rejects that idea because “if 
for some reason the key is stolen or 
compromised, all of those ID numbers 
can be retraced to the SSN, and we’ll 
never even know it is happening.” 

Ounjian likewise rebuffs the use of 
pseudonymization, a process devel- 
oped by London-based Sapior Ltd. that 
attempts to overcome some of the dif- 
ficulties associated with encryption. 

“Encryption and password protec- 
tion provide all-or-nothing access,” 
says Steve Crutchley, chief security of- 
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ficer at 4FrontSecurity Inc., an infor- 
mation security consultancy in Reston, 
Va., that has partnered with Sapior. 

“Pseudonymization replaces identifi- 
ers with a computer-generated pseudo- 
| nym on a one-to-one basis,” Crutchley 
explains. “The true identities are re- 
tained on a secure computer system and 
available for reidentification as needed 
by those with access permission.” 

That’s not good enough for Ounjian, 
who says that, “as long as you are using 
a defined algorithm, there is always a 
master key. Like the master key to an 
office building, you are only as secure 
as the key.” 

For Nationwide’s Herath, encrypting 
the SSN would be the ideal solution be- 
cause it would maintain the connection 
among records throughout the health 
care process. But he laments that “there 
are not a lot of affordable and flexible 
encryption solutions out there. We may 
end up with a swipe card that has the 
number embedded in its strip. The 
problem there is that the family practi- 
tioner on Main Street doesn’t necessar- 
ily have the technology [to read it].” 

Meanwhile, Ounjian is spending 
$6 million to make the conversion at 
Blue Cross and Blue Shield of Min- 
nesota. “From what I hear, it takes be- 
tween $4 million and $7 million to do 
this job,” he says. Besides converting 
the databases, the association is also 
modifying applications to accommo- 
date the new member numbers and 
absorbing the costs of printing new ID 
cards for all of its members. 

For all of the effort and expense it 
takes to rid a company of the SSN 
scourge, Herath is concerned about the 
downside of this trend. “Abandoning 
Social Security numbers means that it 
will be tougher to identify people,” he 
says. “It’s more likely that there will be 
mistakes in treatment and services.” 


@ 41704 





Buxbaum is a freelance writer in 
Potomac, Md. He can be contacted 
at pab001@aol.com. 





Several states have considered restrictions on the use of Social Security numbers. 
Here’s a sampling of recent legislative activity: 


Minnesota: Legislation 
has been introduced that 
would restrict the use and 
display of SSNs. 


Michigan: Legislation 
to prohibit insurers from dis- 
playing SSNs is expected 


Missouri: The governor 


lic display of SSNs. 


signed a bill that prohibits pub-  : 


New Hampshire: Abill | Texas: The governor vetoed 
: abil that would have prohibit- 
‘ed the use of SSNs on ID 
cards and mailed materials. 


that would have prohibited in- 
surers from printing SSNs on ID 
cards was killed in committee. 


t 
t 
i 
i 
i 


' Tennessee: A bill to pro- 
tect the privacy of SSNs was 
: defeated. 


SOURCES: HEALTH INSURANCE ASSOCIATION OF AMERICA’S “STATE ISSUE TRACKING REPORT,” WASHINGTON, JULY 2003; OTHER PUBLISHED REPORTS 


Utah: The governor signed 
‘ legislation prohibiting the use 
: Of SSNs on insurance ID cards. 


: Vermont: A bill prohibiting 
| use of SSNs without prior writ- 
; ten consent died in committee. 


| West Virginia: A bill that 

‘ would have prohibited the 
recording of SSNs in public 
records was defeated. 
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SELLING 


SECURITY 


TOTHECFO 


Howto makea credible case for 
spending money onIT security. 
By Doug Lewis 
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SCOHRSHSECSHESSESHEHSESHSHESESESHEESEESEEHESHEESE 


“SHUT IT DOWN, NOW!” The guy issuing this 

command was my chief information secu- 

rity officer (CISO). The “it” he ordered 

shut down was our entire Internet infra- 
structure. That infrastructure was generating more 
than $2 million of high-profit revenue every day. Af- 
ter a sleepless night he had finally figured out why 
we were suffering a prolonged denial-of-service at- 
tack. Our firewalls should have been flawlessly de- 
flecting this attack, but they weren’t. The “bad guys” 
were on us like flies on a dead dog. 

His sudden realization was that the firewalls had 
been reloaded without any of the most critical defen- 
sive rules. 

The cause of this attack turned out to be human 
error, but the event triggered a complete review of 
our Internet security, followed by a decision to beef 
up our defenses and outsource much of our security 
administration and monitoring. 

Back in the good old days, security consisted of a 
few firewalls and some virus protection. The threats 
have outgrown those simple defenses, and the cost 
has outgrown the approval level of the CISO and, 
sometimes, that of the CIO. Fortune 500 companies 
are finding themselves with security expenditures 
that require CEO and even board-level approvals. 
Each one of these companies comes with a beady- 
eyed chief financial officer demanding a rock-solid 
business case with a credible return on investment. 

So you’ve got three problems. You’ve got to deter- 
mine the appropriate level of security for your com- 
pany. You’ve got to build a business case that non- 
technical senior executives will understand and sup- 
port. You've got to show that there’s a financial re- 
turn coming out of the investment. And all this is for 
a system where, if it’s performing perfectly, nothing 
happens, right? 

Take a deep breath. It can be done, and with credi- 
bility that even the toughest CFO will buy into. 


STEP 1 


Determine the current and appropriate levels of security. Get 
a security assessment done by a company with a sol- 
id reputation. Be sure to include vulnerability assess- 
ments and penetration tests against your key sys- 
tems. (Key systems are those that move money, cus- 
tomer data, employee data or products.) Don’t do 
this yourself. You probably don’t have the expertise, 
but even if you did, you wouldn’t have the credibility 
you need to sell the business case. 

Done right, you’ll emerge from the assessment 
with a very good idea of the state of your IT security 
vs. where you should be and what you'll need to do 
to get there. Don’t be defensive. Share the results 
with your CEO and business-unit chiefs. They'll be- 
come your allies in the fight to get the business case 
approved. Make it easy for them to understand the 
problem and the cure. 

The assessment will tell you where your defenses 
are weak and drill deeply into each area of exposure. 
You should know for each application what the po- 
tential security breach would be, the total economic 
impact of such a breach and the likelihood of the 
breach happening. The best source for this type of 
data is the annual report jointly released by the 
Computer Security Institute and the FBI. It has 
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SECURITY EXPENDITURE 
DANGER ZONE 


SECURITY PREPAREDNESS 


credibility that your CFO will respect. 

The last part of the assessment is to project your 
security costs over the next five years based on the 
use of your current technology and processes. 


Build a security plan to fix the holes identified by the assess- 
ment. Cover all the bases. Perimeter firewalls, virus 
protection, intrusion detection, internal network seg- 
mentation, applications, deployment, hiring, out- 
sourcing, training, monitoring and operations all 
need to be included. Make it a five-year total cost of 
ownership (TCO) model. Whatever you do, don’t un- 
derestimate the difficulty and cost of putting these 
pieces in place. There are countless stories of good 
people getting fired because they had intrusion- 
detection devices sitting in the warehouse six 
months after paying for them. They simply didn’t 
have the staff to install the devices. 

The TCO is going to be much bigger than you ex- 
pect. Security is expensive. However, if you don’t in- 
clude all the elements and don’t make the five-year 
TCO calculations, the CFO will just make you do it 
over, and you'll lose points. If you sneak a low-ball 
number through the approval process, you’d better 
start polishing your résumé. 


3 3 


Build an ROI-based business case for security investments. 
It can be done, and here’s how: The secret is to ex- 
plain to senior executives what you're trying to do in 
terms they can understand. They survive by making 
smart resource (money) allocation decisions. Give 
them an understandable set of facts, and they'll spit 
out the right answer. 

Start at 50,000 feet. Mental pictures and diagrams 
work well with senior execs. I use a security S-curve 
diagram (see above) and a castle-and-moat analogy. 

Explain that you’re building a moat around a cas- 
tle. Until you get the moat completely around the 
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castle, you’ve spent a lot of money with no improve- 
ment in security. That analogy represents the far left 
side of the S-curve. Until you’ve established a mini- 
mum level of protection, you're spending a lot of 
money but are still totally vulnerable. 

Once you've got the moat encircling the castle, you 
can decide how wide and how deep it needs to be. 
This is the middle of the diagram, which I call the 
Prudent Zone. It varies by vertical industry. Talcum 
powder manufacturers need less security than credit 
card processors. Building the moat a mile wide and 


| only yards deep is a waste of good money. This rep- 


resents the far right side of the S-curve. You're 
spending a lot of money and not significantly im- 
proving your security. CFOs fire CIOs who waste 
money these days; that looks really bad = ____ 

on the résumé. 

Next, drop down to 20,000 feet. Say 
what you want to do with the money 
and why. I use a risk/solution matrix. It 
takes data from the assessment and lists 
the risk areas, the economic impact of a 
security breach in each risk area, the 
likelihood of a breach happening and the resulting 
cost to the business of each breach. I match up the 
elements of my security plan against the risks and 
check every box where the plan addresses a risk. 

I like to list all the actions required to complete the | 
moat first. Then I list the actions that would bring 
the company to its Prudent Zone. Next, I list the 
things that would take the company a bit past the 
Prudent Zone — but not too far past. 

Now that you’ve anchored each proposed action 
and its cost to a financial risk model, you need to tie 
an ROI to each action. You have four fundamental 
ROI opportunities for each action: reduce current 

costs, reduce future costs, reduce the financial risk to 
the business or increase revenue (see below). CFOs 
get giddy over this stuff! 

Investment in information security can provide an 
ROI by reducing your annual loss expectancy (ALE) 
from a security breach. ALE is a calculation of the ac- 
tual cost of a security breach multiplied by the prob- 
ability that such a breach might occur in the coming 


Opportunities 


Better password administration can reduce 
the password problems that eat up a lot of IT staff 
hours and hurt user productivity. 


Improving patch management is a huge op- 
portunity for increasing the productivity of your 
IT security staff. 


* New technologies can roll firewalls and intru- 
sion-detection systems into one package, with a 
corresponding reduction in maintenance costs. 


* Consider outsourcing the monitoring of 
your security systems. Those intrusion-detection 
systems generate tons of information and need 
round-the-clock monitoring. You may want to 
hand off this job to someone who does it for 
a living. 
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year. It’s much like the actuarial calculations insur- 
ance companies use to compute your premiums. 

For example, let’s assume you have a Web site that 
does $2 million of business per day. The security as- 
sessment shows the site is vulnerable to a denial-of- 
service attack, which would result in a three-day out- 
age, and there’s a 60% likelihood of a successful at- 
tack occurring. The ALE is $2 million per day X three 
days X 60% = $3.6 million. 

The security improvement costs $500,000 and will 
reduce the likelihood to 15% and the outage to one 
day. The improved ALE is $2 million per day X one 
day X 15% = $300,000. This yields a first-year return 
of $3.3 million ($3.6 million minus $300,000) from a 


| | $500, 000 investment. 


SECURITY RO DEBATE 


For dueling views on security ROI 
see the following online columns: 
QuickLink 39728 


QuickLink 40180 
www.computerworld.com 


sot dea Now you've got all the raw ingredi- 
ents for a successful business case. 
The next step is to let your IT finance 
person produce your company’s stan- 
dard ROI financial tables and then 
wrap the assessment summary, the se- 
curity plan with its five-year TCO, the 
risk/solution matrix and the ROI calcu- 
lations into the standard company format. Remem- 
ber, you want the business case for security to look 


—_— like the business case for any other company 


investment 

Build a short PowerPoint presentation describing 
| the highlights of your story. Stay high-level. If you get 
into the speeds and feeds, your audience’s eyes will 


| glaze over, and you'll lose credibility as a business 


person. Shop the PowerPoint pitch to each senior ex- 


| ecutive individually before your business case goes to 
| the executive committee. Don’t skip the CFO. Listen 
| well and incorporate what you hear into the docu- 


ment. Now you're ready to take the business case to 
| the executive committee. 
Follow this formula, and your next problem will be 


| figuring out how to ospend the money. - 41708 


| Lewis, former CIO at InterContinental Hotels Group 


| PLC, is head of The Edge Consulting Group LLC in 


Atlanta. He can be contacted at edgeconsulting@ 
bellsouth.net. 


for Security ROI 


Proper security allows companies to safely 
Web-enable employee services such as human 
resources and travel reporting tasks, which will 
then yield administrative savings. 


The right level of security permits wireless 
networking, thus saving money on inflexible, 
wired campus networks. 


Betier security may reduce the company’s 
insurance premiums. 


You can even make the case that incremental 
revenue gains can be realized by implementing 
new projects that you would otherwise have put 
off because of data security concerns, such as 
Internet-enabling portions of your supply chain. 

- Doug Lewis 
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Survey Hints at 
Spending Uptick 
ClOs expect to increase their IT 
budgets next year by 3%, accord- 
ing to Merrill Lynch & Co.’s Tech- 
Strat Survey of 75 U.S. and 25 
European CiOs. For 2003, the 
ClOs said they expect their IT 
spending to increase an average 
of only 1% over last year’s levels. 
Also in the September report, 


the ClOs said that in an economic | 


recovery, they would be more 


likely to spend money on software | 


than on hardware and network- 
ing. Therefore, Merrill analysts 
predict that higher application 
software sales will be the “true 
sign” of an IT spending recovery. 


Dressel Named 


Siemens U.S. ClO 


Siemens Corp., the U.S. arm of 
Siemens AG, named Jan D. Dres- 
sel as CIO, effective Nov. 1. Dres- 


sel, 43, will be responsible for the 


company’s U.S. IT and e-business 
strategies and will be based at 
the company’s U.S. headquarters 
in New York. He will report to 
Klaus Kleinfeld, president and 
CEO of Siemens Corp. Dressel, 
who has worked for Siemens for 
more than 20 years, previously 
served as CIO for Siemens Asia 
Pacific in Singapore. 


ACS Wins $6M 


Medicaid Deal 


The state of Washington has 
awarded Dallas-based Affiliated 
Computer Services Inc. (ACS) a 
$6 million, five-year outsourcing 
contract to provide EDI transac- 
tion processing that’s compliant 
with the Health Insurance Porta- 
bility and Accountability Act. ACS 


processes about 17 million claims | 


per year for the state’s Medicaid 
program, which represents $560 
million in claims payments. 

Under the terms of this latest 
contract, ACS will accept and 
process transactions via a new 
HIPAA clearinghouse before 
they’re sent to the Medicaid Man- 
agement Information System for 
adjudication. 
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Offshore: The Third 
‘Time's the Charm 


N EVERY RECESSION, corporations cut costs by 

moving repetitive jobs to lower-cost countries. 

In fact, manufacturing jobs have been moving 

offshore since the 1950s. The first round of off- 

shore IT efforts began 10 to 15 years ago as a way 
to reduce the cost of maintenance for legacy systems. 
In those days, companies set up operations (or used 


outsourcers) in Ireland and 
Canada. The really adven- 
turesome went to India. 

The second round of off- 
shore IT was focused on 
fixing the Y2k problem. 

Offshore activity boomed, 
providing a way to obtain 
hard-to-find skills (like 
Cobol) and reduce the cost 
of tedious work. 

Rounds | and 2 of offshore 
IT outsourcing had mixed 
results because of telecom- 
munications difficulties, im- 
mature systems-develop- 
ment methodologies and 
cultural differences. 

But now offshore IT work is becom- 
ing increasingly popular in the execu- 
tive suite. Most companies are at least 
experimenting with sending IT off- 
shore, and a few have jumped in with 
both feet. Research indicates that these 
efforts will grow rapidly over the next 
few years, for the following reasons: 

@ Budget pressures. Although some IT 
budgets are starting to rise, most orga- 
nizations will continue to experience 
budget constraints. Some CEOs be- 
lieve that IT budget cuts over the past 
few years have not hurt their business- 
es. Budgets will likely remain flat, and 
most companies will continue to pur- 
sue cost reductions. 

@ “No-win” functions. Some parts of IT 
are always expected to work, much as 
you expect a dial tone when you pick 
up a telephone. The CIO isn’t compli- 
mented when the network is running 
(but will hear about it when the net- 





s work is down). Smart IT 
organizations are shedding 
these thankless functions. 

@ Specialized service pro- 
viders. Specialists often de- 
liver better service. With- 
out the huge scale, it’s very 
difficult for in-house IT 
departments to match the 
skills and specialized tech- 
nology of an outsourcer’s 
well-run help desk or 
server center, for example. 

Will offshore IT suc- 
ceed this time? Yes, this 
round is likely to be more 
successful because of the 
following industry changes: 

® Telecommunications quality has 
improved dramatically. International 
calls are often indistinguishable from 
local ones. And costs have plummeted. 
Long-distance calls to India can be as 
low as 2 to 3 cents per minute, if pur- 
chased in bulk. 

@ Offshore companies are trying to 
make geographical distances transpar- 
ent. Recently I received a call and fol- 
low-up fax from the administrative as- 
sistant of a Chicago-based sales rep. I 
later learned that the assistant lives in 
India but works the rep’s hours. I nev- 
er suspected she wasn’t in Chicago. 

@ Offshore software-development 
processes are improving. Indian firms 
in particular have focused on getting 
Capability Maturity Model Level 5 cer- 
tification. Our research indicates that 
India has two to three times more 
CMM Level 5 centers than the U.S. 

@ Offshore companies are expanding 





their offerings. Most have moved be- 
yond being mere body shops and are 
taking on project management respon- 
sibility. Others have vertical industry 
experience and/or business process 
outsourcing capabilities. They’ve 
grown rapidly and are winning con- 
tracts with major U.S. customers. 

@ Several lower-cost countries are 


| taking steps to protect intellectual 


property and data. For example, India 
is now debating data privacy legisla- 
tion modeled on the European Union’s 
Data Protection Directive. The legisla- 
tion’s effectiveness won't be certain 
until several cases have been tried un- 
der the statute, but the direction is clear. 

@ Culturally, companies have adjust- 
ed to working with team members 
who aren’t physically located in the 
building. Telecommuting paved the 
way; teams comprising people in mul- 
tiple locations are now commonplace. 

@ IT is maturing. Deliverables and 
service levels are emphasized as IT 
becomes more of a science and less of 
an art. In the early days, one program- 
mer defined requirements, wrote code 
and provided user support, all without 
specifications or documentation. To- 
day most large-scale projects are high- 
ly defined, easily segmented and well 
documented. Many development and 
support functions that require little 
user interaction can be performed vir- 
tually anywhere, without sacrificing 
efficiency or effectiveness. 

Absent war, terrorism or legislation, 
Round 3 of offshore IT is likely to be 
highly successful. Telecommunica- 
tions have become robust enough to 
make it practical. Offshore companies 
are changing their business models to 
better meet customer needs. IT as a 
discipline is maturing. And, finally, re- 
mote workers are culturally accept- 
able. @ 41623 





WANT OUR OPINION? 


For more columns and links to our archives, go to 
www.computerworld.com/opinions 
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Built-in Web, SNMP. Telnet tested and certified for use with InfraStruXure 


Z architecture. Before you buy, check forthe Xto ££ S1:£1t3) 
support InfraStruXure 
guarantee product compatibility arc 


With over 15 million 


Enter to WIN a FREE APC Rack PDU today. idiom Arc 


Visit http://promo.ape.com Key Code n351y © Call 888-289-APCC x6627 © Fax 401-788-2797 guarantees peace of mind. Legendary Reliability 


Reach Respected IT Leaders in i.T. Professionals 
COMPUTERWORLD | Earn Your Master’s Degree Online! 
Marketplace Advertising Se | ms. degrees 


The Computerworld Marketplace advertising sectio : i Available in: os PT teats 

reaches more than 1.8 million IT decision makers ev os i. Network Security # 

week. Marketplace advertising helps Computerwor 44 evening courses 
readers compere prices, search for the best values, ee * Computer Science 


* Electrical Engineering 7-3 Audio Lectures 


* Information Architecture , and Student 


* Information & Interface 
Telecommunications 


Systems Management 
* Business Administration a2 Accredited 
(MBA) 


To advertise, call 212-655-5111 888-522-7486 x3026 
OS SeeE Tm yeni (othe) a www.capitol-college.edu 





Senior GIS Developer sought by 
intormation technology company 
in Englewood, CO to work in 
Nestminster, CO and other 
unanticipated job sites in the 
U.S. At a senior level, engage in 
full life le software develop. 
ment of Geographic Information 
Systems software for utilities 
and communications compa- 
ies. The software applications 
are client/server based, incorpo 
rate relational database mar 
agement systems, and utilize 
\ ws NT or UNIX operating 
as. Analyze requirements 
Create designs and design doc- 
imentation. Code, test, debug. 
enhanc 
softy é ations 
with ustomers 
systems and provide 
ort as needed 
Oracle, PL/SQ 
Jages anc 
develop- 


cess. Requires bache 


foreign equivalent in 
ience engineering 
icS and com 


eering) geog 


compa 
nd C++. M-F 
-Spm 2,.777/yr. Employ- 
ment Programs, PO Box 46547 
Denver, CO 80202 and refer t 


CO505 


Director, Global Development 
Interfaces: Direct the manage 
ment of the design, develop 
ment and implementation of 
Heidelberg's global applications 
and software systems , includ 
ng, but not limited to managing 
ERP implementations utilizing 
multiple mySAP solution compo: 
nents (e.g. SAP Enterprise ver- 
sion and SAP BW), associated 
system upgrades and hotpack 
installations; the design, devel- 
opment, and administration of 
Mobile applications utilizing 
Microsoft NET/JAVA environ- 
ment, MS-SQL /SeeBeyond 
middieware, SAP R/3, AS/400 
1 Clarify as backoffice sys 
the design and _ impie- 
mentation of inbound and out 
bound interfaces connecting 
SAP R/3 /mySAP solutions to 
and from various external s 
the implementation a 
t Internet/Intranet 
Business applications utilizing 
JAVA/ATG/SAP techr 
solutions; and manage 
recruitment, hiring, firing and 
assignment of project man- 
agers, professionals and sup- 
port perso! Must have a 
Maste s Degree or 2igN 
n omputer 
ated field 


and t 3) years of experi- 


equiv 


ence as a systems engineer or 
ated fieid or a Bachelor s 
or foreign equivalent 
years of experience in 
systems engineering or a relat 
ed field. If interested 
resume to: Crawford M 
Heidelberg Americas 
1000 Gutenb Drive 
Kennesaw, Georgia 30144 


ENGINEER, Application 
(DSL). For fieldwork in 
various location in San 
Bernardino County 
Send resume to Chris 
Nallan, South Valley 
System Resources, Inc 
381  Kishimura  Dr., 


Gilroy, CA 95020 
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Senior Research Scientist. Re- 
sponsibilities include: 1/ Conduct 
research in the areas of pattern 
recognition, image analysis, PDE 
based image processing, texture 
synthesis, and 3D data process: 
ng; 2/ Conduct research in the 
areas of wireless data communi 
ation 4 data processing; 3/ 
Develop applications related to 

n, target tracking 
ai image browsing and re 
trieval; 4/ Develop applications 


related to wireless multimedia 


t extract 


ommunication and processing 
and 5/ Heip transition applica- 

to commercial products for 
ncluding 
J2ME, and Symbian 
Ph.D. in Electrical & 
+ Engineering and mini- 


year exp. in Electrical 


wireless platforms 


r Engineering, inc. exp 
programming, industri 
software development 
vetworks and com: 

week 

Job site 

resume to 


perating 


Fayetteville 


Rale’ 


cated to hel 
customers realize the benefits of 
3D yduct lifecycle manage- 
ment (PLM) solutions 


We are looking for consultants to 
valyze our ifacturing 
clients needs and configure 
ions using the Dassault 
y of PLM _ software 
Consultants will work on site at 
customer's locations and will be 
required to travel! throughout the 
United States 60% of the time 
implement PLM software; and 
provide technical support 
These positions require a 
Bachelor's degree in Mechanical 
Engineering or a closely related 
field and experience with PLM 
software 


Dassault Systemes Services 

LLC promotes a work environ- 

ment that 5 on integrity, 

t t an in. If you quali 
lease send your resun 

indicating the position of intere 

ult Systemes Servi 
LC, 10926 David T 
Suite 300, Charlotte, NC 28262 


We are an equal opportunity 


employer 


> Enggs. to lead teams 

s develop/maintain web 
appis using Java, J2EE 
Serviets, ASP, EJB, HTML 
cript, JSP, VB, SQL 
Server, etc on Windows & UNIX 
rovide training & user sup- 

port the systems and related 
appin internally & to clients 
Jebug and modify existing soft- 
ware. Require: MS or foreign 
equiv in Comp. Sci Comp. 
gg. & 1 yr exp. in IT. Full time 
Salary. Travel involved 
Respond by mail to HR, ABZ 
Consulting, Inc., 2600 Century 
Prkwy, Ste 100, Atlanta, GA 


30345 


Software Engineer 
Develop & modify customized 
computer applications inciuding 
RDC and Oracle Clinical. Use 
UNIX, shell script, c/C++/Java 
programming PL/SQL 
DYNAMIC SQL. Work with DBA 
9n performance tuning, data- 
base layout and design. Define 
functional requirements, detail 
design requirements, document 
programs as-built Production 
support, including backend data- 
base corrections and customer 
support. Req. 5 yrs prev exp 
nd resume to BLC 
ulting, Human Resources. 
26 Jefferson Court 
Wethersfield, CT 06109 


Network Engineer in Stamford 
CT-Mgmt of deployment & 
impimtn of various Exchange 
5.5 server/Exchange 2000 serv. 
er solutions; in Win 2000/NT 
envrmt; day to day Exchange 
server admin. Admin of server 
based applics. Admin of Cisco 
Routers connecting branch 
offices & Virtual Private 
Networks (VPN) appliances for 
remote uses. Maintenance & 
troubleshooting of Raptor 
Firewall & Nokia appliance run- 
ning Checkpoint Firewall systms 
for network. Perl & CGI prgmg 
for custom s/ware applic. Bach 
in Comp Sci or Engg or its for 
eign academic equiv + 2 yrs exp 
in job offd. Res: Evero Corp. 
David Jacobson, 185 Hillside 
Ave, NY, NY 11596 or Fax: 516 
747-8383 


Telecomm co. in Framingham 
MA seeks Embedded Software 
Engineer to develop real-time 
embedded telephony systems. 

ding program digital signal 
processors for modem trans 
port/voice coding and embed 
ded control essors for hard- 
ware control/encoded media 
packetization. Must have BS in 
Electrical, Electronic, or System 
Eng.; 2 yrs software develop: 
ment exp., including experience 
with embedded software devel- 
opment, C, and assembly for 
control/signal processors. 
knowledge of Internet Protocols 
for media transport in telephony 
applications. Salary $81,730/yr 
Submit 2 resumes to Case 
#200202669, Labor Exchange 
Office, 19 Staniford Street, 1st 
fl., Boston, MA 02114 


Multiple openings for Prog/Sys 
Analysts, S/W Engineers to 
design/develop S/W appls using 
some of the  foll-COGNOS 
datawarehousing; Cobol, CICS 
DB2; Java, PB, HTML, XML 
C++, VB, Oracle, Dev 2000 
wireless, web, OO technologies: 
SAP, ABAP/4; Oracle/Sybase: 
Informix database admin 
Unix/NT system admin. BS/MS 
or foreign equiv. in CS, Engg 
Science, Math,Business or relat- 
ed field and relevant exp. High 
salaries, F/T. Travel involved 
Respond to: HR, Smartsoft 
International, Inc., 4898, South 
Oid Peachtree Road, Ste 200. 
Norcross, GA 30071 


Programmer of web-based 
appins. in Visual Basic, C++ and 
Access Interactive Web Design 
Maintain company's mail order 
catalog system; develop new 
modules; custom reports to 
assist mktng., finance and ship- 
ping using Pick Database; inte 
grate off-line processing/ online 
ordering systems; maintain Unix 
Server on Pick platform, work 
stations, networks and add 
users. BS in CS or Equivalent & 
3 yrs. exp. in job duties or 5 yrs. 
exp. in job duties w/o college 
degree. Apply to: HR, Atlanta 
Cutlery, 2147 Gees Mill Road 
Conyers, GA 30013 with proof of 
permanent work auth 


Systems Analyst: Design soft- 
ware programs for company in 
the area of accounting; Creates 
& maintains company database 
Designs & mainta 
& e-business strategy & the 
website of the company; Works 
w/Macromedia flash & Photo- 
shop; Works w/ASP & cold 
fusion; Works w/SQL server 7.0- 
BS in Computer information 
Systems & 2 yrs of exp.,40-per 
wk, 9-6PM, Fax resume to 
Alexander Motors Int. Corp 
Attn: David Adrian Soae (305) 
649-9932 


the Internet 


Lecter eR eeyee 


COMPUTER 

PricewaterhouseCoopers LLP's 
GRMS practice has opportuni- 
ties available for experienced 
professionals in the area of 
Computer Security Systems 
Integration. Positions require a 
bachelor’s degree (master's pre- 
ferred) and 2 to 4 yrs related 
exp Additional qualifications 
needed include experience 
using LDAP. directories 
RDBMS, UNIX/Solaris, NT Web 
Security Tools, web server 
installation and configuration, 
firewalls, routers, load balancing 
and HTML, JSP, ASP, C++, & 
Perl language. Job site/location 
New York, NY. interested candi- 
Ss please reference job code 
me to David 
rlo, 10 Tenth Street NW, 
Suite 0, Atlanta, GA 30309 
No phone calls please 
Employer will only consider 
applicants authorized to work for 

any employer in the U.S 


Microsoft Certified Trainer 
Solartech is seeking a FT MCSD 
NET trainer with 3 yrs exp with 
BS in CS/MIS or equivalent field 
Candidate must have 
MCAD/MCSD for .NET certifi- 
cates and valid MCT status; exp 
in full life cycle development of 

osoft .NET technology 

} web based application 
jevelopment exp is a must (2 
domain names). Programming 
skills, Access, Flash, XML, web 
service, ASP ASP.NET, VB 
Script, Java Script, Com/DCOM. 
Java, SQL Server, C++, C# 
Candidate will be involved in 
coordinating all aspects of a new 
MCSD training course. Strong 
communication skills is a must 
Pls fax resume with salary reqs 
to (201)8079815 (prefer) or 
career@solartechnj.com; Job 
code: CT025 


Computer Programmer, Printers 
Manufacturer. Must have a 
Bachelor's Degree/equiv. in 
related field, and 2+ yrs IT exp 
Plan, develop, test, and docu- 
ment programs. Evaluate user 
requests for new and modified 
programs for business applica- 
tions using knowledge of Visual 
C++, Visual Basic.Net, ASP, 
NetFramework and SQL 
Server 2000. 40 hrs/wk, 9-5 
Competitive salary Send 
resume to: Prism, Inc., 1950 
Evergreen Pkwy., Ste. 500 
Duluth, GA 30096 


Network Security Administrator. 
Install, config, maintain LAN 
WAN, Internet. Maintain internal 
& external Web presence 
Admin. networks, maintain hard- 
ware & software, & perform syst 
& server backups. Design, sup- 
port, maintain server syst & soft- 
ware. Monitor & assure network 
user availability. Plan, coord, & 
implement security measures to 
regulate access & prevent unau- 
thorized use or modification 
Institute & apply EDI protocols 
for B2B communication. BS + 2 
yrs exp. Send resume to DSS 
Enterprises, 1932 Valewood 
Cir., Hoover, AL 35244 


PROGRAMMER/ANALYST 
(Manh). Develops business 
applications relating to internet 
pharmaceutical,business,inven- 
tory control,insurance, human 
resources and invoicing 
Knowledge of Visual Basic 
Crystal Reports, Sybase SQL 
11, SQL-Programmer, ERwin 
API, Active X, Windows NT, 
Unix, MS Access, Cognos 
Impromptu. B.S. Comp.Science 
2 yrs. exp. $87,776/yr. 9AM- 
5PM, M-F, 40 hrs/wk. Send 
resume or letter describing qual- 
ifications in duplicate to 
SAH1591,PO Box 703,New 
York, NY 10014-0703 


Distributed Applications 


Developer. Advanced 


level position in 
Chicago. Send resume 
to Buck Consultants, 
Inc. Attn: J. Perez, 500 
Plaza Drive, Secaucus, 
NJ 07096. Must use 
Ref#DAD-3 EOE 


Prog Analysts to analyze 
design s/w appis using SAP R/3 
ABAP/4, C, C++, Java, VB 
JSP, JScript, HTML on 
UNIX/Windows os; gather/ducu- 
ment reqs from user community: 
test/troubleshoot project appl 
code according to system objec 
tives. Require a B.S. or foreign 
equivalent in CS/Engg (any 
branch)with 2 yrs exp in IT. High 
salary. F/T. Travel involved 
Resume to HR, Smartsoft 
International, Inc., 4898, South 
1Old Peachtree Rd, Norcross 
GA 30071 


Staffing Tree, LLC has openings 
for System Analyst, IT consul- 
tants/recruiters. BS or equivalent 
required. Exp. in Oracle, Java 
C/C++, SQL & IT placement/mar- 
keting preferred. Travel required 
for some positions. We sponsor 
green card. Please contact deb- 
das@staffing-tree.com 

EOE 


IT professionals (programmers: 
system analysts, software engi- 
neers) wanted by Advanced 
Technology Group USA 
Minimum requirement is 8S 
Skills in Java, Oracle, SQL 
HTML, WebLogic, JSP, VB, EJB 
are strong plus. Please send 
resume to info@atgusainc.com 
EOE 


Seeking qualified applicants for 
the following positions in Mem- 
phis/Collierville, TN: Senior Bus- 
iness Application Analyst. Act as 
liaison between technical devel- 
opers and users/customers 
Requirements: Bachelor's degree 
or equivalent* in computer sci- 
ence, math, statistics, business or 
related field plus 5 years of expe- 
rience in analyzing business sys- 
tems and developing technical 
automated solutions. Experience 
with software development life 
cycle process and SQL also 
required. “Master's degree in 
appropriate field will offset 2 years 
of general experience. Submit 
resumes to Sibi George, FedEx 
Corporate Services, 1900 Summit 
Tower Bivd., Suite 1400, Orlando 
FL 32810. EOE M/F/D/V. 


Program Manager 

Smarte Solutions, Inc. seeks 
Special Projects Program Mgr in 
Austin, TX. Manage special pro- 
jects for customized impiemen- 
tation of technologies. Customer 
interface. Code conversion 
using VC++, MFC, + Vis Basic. 
Work w/web-based applics, e- 
commerce systems, SQL, CD 
standards, encryption & anti- 
piracy methodologies incl ISO 
9660 + DPP protocol specs 
Must have BS in Comp. Sci + 1 
yr relevant exp. Resume to 
Smarte Solutions, 611 S 
Congress Ave, Suite 350 
Austin, TX 78704 


Want a new 
IT career? 


Check out our jobs 
in the combined 
CareerJournal.com 


database. 


www.itca 


Bes 


Get Better! 


Www.itcareers.com 
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LogicaCMG has an opening in 
its Dearborn, Mi office for a 
Software Engineer to convert 
data from mainframe Legacy 
systems to Datawarehouse on 
Teradata & SQL server. Must 
have a Bachelor's degree in 
Computer Science and 1 year of 
experience in software applica- 
tions, including experience with 
Queryman, Data Modeling, Data 
Warehousing Concepts and 
Citrix Nfuse. Interested candi- 
should send resume to 
Kathleen A. Boy 

e Assistant for Humar 
LogicaCMG, 32 

Hartwell Avenue, Lexington, MA 


Prog. Analysts to analyze 
design, develop network securi 
ty s/w using VC++, C++, SQL 
Server, MS Access, IBM Visual 
Age, Apache Web Server, etc 
under Windows/UNIX os 
design server side Java 
Components, GUI using JScript 
JSP, Serviets, HTML, etc 
design and optimize database 
using JDBC, SQL, ODBC, etc 
develop encription schemes 
deploy, evaluate, test applis 
Require BS or foreign equiv. in 
>S/Computer Engineering with 
2 yrs exp in IT field. High salary 
travel involved. F/T. Resumes 
HR Lancope, Inc., 3650 
Brookside Pkwy, Suite 400 
Alpharetta GA 30022 


Seeking qualified applicants for the 
following positions in Memphis 
Collierville, TN: Senior Technica! 
Analyst Resea evaluate 
implement and coordinate 
changes to complex computer sys- 
tems/applications. Requirements. 
Bachelor's degree” in computer 
science, math, engineering or 
related field plus 5 years of experi- 
ence in systems/ applications 
development, including program 
ming. Experience with C and/or 
C++, Java and Unix development 
also required. “Master's degree ir 
appropriate field will offset 2 years 
of general experience. Submit 
resumes to Sibi George, FedEx 
Corporate Services, 1900 Summit 
Tower Bivd., Suite 1400, Orlando 
FL 32810. EOE M/F/D/V. 


WHITTMANHART is looking for 
a Senior Consultant, Oracle 
Financial Applications, based in 
Chicago, IL Applicant must 
have 2 yrs experience imple- 
menting Oracle 11i using Oracle 
Application 
Methodology (AIM), Oracle 
Developer 2000, Discoverer and 


Implementation 


Oracle Workflow. Send resume 
to: Recruiting, WHITTMAN- 
HART, 440 W. Ontario, Chicago. 
1L60610. Reference job no 
03196. WHITTMANHART is an 
equal opportunity employer. 


Programmer Analyst 
Experience in all phases of soft- 
ware development - Must be 
able to Design, develop, test 
implement and customize busi- 
ness software applications using 
UNIX (AIX, Solaris and HP-UX) 
C++ (Visual C++ and C++), C 
UML, Rational Rose, SQL 
ESQL, PL/SQL and JAVA. Must 
have used Oracle (Various 
Versions), Sybase (Various 
Versions) and Informix (Various 
Versions) for data store. 2 years 
experience on the job with a 
Bachelor's degree in 
Science/Math/Computer/Engg 
Salary 70K. Shiva Systems 
5749 Camino Del Sol Unit 206 
Boca Raton FL 33433 


13E/W/MWw 
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Computer 


Systems Analyst in Trumbull, CT 
to design, develop, implement 
maintain and fine-tune 
Windows NT as well as tandem- 
based real time systems operat- 
ing in Guardian environments 
using C/C++, COBOL, Java 
DDL, TAL, and AL program- 
ming languages and Non-stop 
SQL, Enscribe, Enable anc 
Enform database technologies. 
Industry experience and knowl- 
edge financial products, mar- 
ket data preferred BS in 
Computer Science plus 1 yr 
exp. as Systems Analyst 
alternatively, 3 yrs. exp. as 
Systems Analyst. Please send 
resumes to: The Nasdaq Stock 
Market nc 80 Merritt 
Boulevard, Trumbull, CT 06611 
or send electronically to 
careers.ct@nasdaq.com, ATTN 
Human Resources. Please ref 
erence the following number on 
your resume, #200306. We are 
an equal opportunity employer. 


Prog. Analysts to analyz 
design, develop appis using 
C++, VB.Net, ASP.Net, Java 
JSP, Java Script, COM, Oracle 
SQL Server, IS, HTML, et 
under Windows,.UNIX os, per- 
form system & functional analy 

ument development 
process test debug and 
upgrade existing software 
Require candidates with BS or 
foreign equiv. in CS/Engg.(any 
branch) & 2yrs exp. in S/W field 
F/T. Travel involved. Compe- 
titive salary. Send Resumes to 
HR, Softrim Corporation, 3443 
Pine Ridge Road, Naples, FL 
34109 


Junior Software Engineer 
Design web pages by using 
Cold Fusion. Design/develop 
database using MS Access and 
SQL. Using Dreamweaver & 
Flash 4 as well as HTML- 
DHTML. Testing the functionality 
of web pages anc systems 
Provide client technical support 
TesUmaintain software. Require 
B.S. degree in Information 
Systems & familiarity with Thai 
culture & ability to design web 
pages in Thai. $39,800 Send 
resumes to Dept. of Workforce 
Services Attn. Erlinda Anderson 
Job Order #8065570 140 E. 300 
S. SLC UT 84111 


COMPUTATIONAL ANALYST to 
develop numerical methods 
perform statistical analysis and 
generate reports for web traffic 
for the company's hosting 
clients; optimize web traffic 
delivery with intelligent targeting 
algorithms for web ads; use sim- 
ulation computation to stress 
test the company's network 
servers, provide technical sup- 
port to clients in relation to these 
hosting and advertising ser- 

Require: B.S. in Physics. 
Mathematics/Computer 
Science. Competitive salary 
offered. Apply with resume to 
Manager. The Personnel 
Department, Inc., 2971 Flowers 
Rd. S., Suite 220, Atlanta, GA 
30341 


Software Programmer: Analyze 
& design core business modules 
using PowerBuilder, Visual 
Basic, SQL Server, XML; write 
stored procedures; write scripts 
& report templates for 
CathSource, HeartSource, & 
OrthoSource applications; cre- 
ate data extracts & develop doc- 
umentation for user's guide 
Req. Bachelor's or foreign 
degree equiv in CS, IT or related 
plus 2 yrs work exp in job offered 
or in related occupation as 
Programmer, Consultant or any 
suitable combo of edu., training 
and/or work exp. Send resume 
to Goodroe Healthcare 
Solutions, Inc. 100 Crescent 
Centre Pkwy, Ste 720, Tucker. 
GA 30084 Ref JB 


SOFTWARE ENGINEER (2 
sitions) to provide on-site con 


Jesign 


ware Gg 
ADO.Net V COM/D¢ 
XML, VB 


ed techno 


Java Deve 
analyze, test 
develop w Java so 
ware as a fr nd in multiple 
RDBM (such as Foxpro, Oracle 
Interbase and Sybase) legacy 
informat ystems installed 
t server 
mple- 
ra/internet 
Developer. 
Websphere, JDK 
ing, Corba 
dictated 
assign- 
ments Juires chelor’s 
Degree ster Science 
Mathematics 
eering or Physi 
and one year xperience 
Work location: Various unantici- 
pated client sites 4 resumes 
only, n 3 to: Perry 
Senaphathy ome intern- 
ational Corp 3 D'Onofrio D 
Madison, W 


IT Program Manac Lead busi- 
ness improven rojects to 
define b requirements 
detail functional and technical 
specifications Jevelop and 
impleme »cess and tech- 
nology) solutions Work with 
business exec es t rtify 
prioritize and scope IT initiatives 
Manage team resources to 
ensure quality and deliver 
project ‘equire- 
ments includ a Bachelor's 
degree or equivalent in 
Business Management, Infor- 
mation Technology or related 
field and four years of pre- or 
post-degree experience in the 
job offered or related field of 
business process development 
Applicants mt 
ed autt zation to work in the 
United States. Salary $99,413, 
year. 40 hours/wk. Resporid 
with two f resume to 
Case 03025 Labor 
Exchange Office, 19 Staniford 
St., 1st Fl., Boston, MA 02114 


have unrestrict- 


PROGRAMMER ANALYST 
(Hackensack, NJ) to analyze 
dsgn, dvip, impimt, test, edit & 
create documentation & main- 
tain & debug s/ware applics & 
systms utilizing TFD, UID 
Passport Messaging, Dynamic 
SQL, C, Informix, Unix, WinNT & 
Korn Shell. Bach in Eng, Math or 


Comp Sci or its f 


loreign academ: 
ic equiv + 2yrs exp in job offd 
Res: The Shubert Organization 
Inc., Attn: Cathy Cozens, 234 W 
44th St, NY, NY 10036. Fax 
212-944-4569 email 
cathyc@shubertorg.com 
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CHIEF ARCHITECT/COMP. 


“PROGRAM. MGR 


Des Plaines, IL: Resp. for th 
dvipmnt & implementation 
o's new generation PrintFlow 
heduling prog. Specific d 
ude overseeing workf 
analysis, prog. dsgn, arch 
entation of p 
nctionality 


oarmrs & sft 
grmrs & sft 


supervising 


coordinating 
efforts to link co's new sys 


mfg mgmt 


aik 80 lar 


simulate 


exp. 
ms, schedu 
fast graphic 
well as stat. a 
OT as 
$88,00 
fax resume 


ector. 


planning, finance 
ing, sales and distribution 
vice management and 
management modules 
Ap knowledge of SAP data 
model and business problems 
and implement 
environment 
develop ele 
change Design and develop 
interactive and batch 
the ABAp/4 data dictionary 
SAPScripts d dialog p 
grams. Work closely with Sap 
analysts and super users within 
the business community 
Design and develop data 
conversion sessions cal 
nterfaces, data 
conversion correction and 
transport system. Requirements 
include a Bachelor's degree or 
equivalent in an Engineering 
discipline or closely related field 
and three years of work experi- 
ence in the job offered or related 
field of ABAP/4 programming 
Applicants must have unrestrict- 
ed authorization t ork in the 
United States Salary 
$73,500/year. 40 hours/wk 
Respond with two copies of 
resume to Case #200203098 
Labor Exchange Office 
Staniford St., 1st Fi.. Boston, MA 


02114 


DBAs to _instai configure 
administer Oracle database 
“Net, Net8; design & devel- 

Oracle, Dev 
2000, SQL, etc; maintain & mon- 
itor backup, recovery proce- 


using 


dures and maintain database 
security;design, code Java2 
Beans for Oracle database 
access; perform data entity 
design in Erwin, web interface 
design & appl logic definition 
Prog. Analysts to analyze, devel- 
op appls using OOAD.Java. 
J2EE, ASP, EJB, XML, Jscript 
Active X, JFC Swing, HTML,etc 
under Windows, UNIX os; per- 
form q analysis; provide on 
site maintenance such as 
debug, modify, fine tune & code 
optimization. Require: BS or for- 
eign equiv in CS/Engg. (any 
branch) & 2yrs exp in IT. Comp 
Salary. Travel involved. F/T 
Resume to: Infilink Corporation 
4 Concourse Parkway, Ste 270. 
Atlanta, GA 30328 


Software 
Independently 
ness require 
ness processes 
software 


management 
developed 


env 


may be gai 
ment experience or ir 
cC ng). M-F 
ing). N 
yr. Respond by 
Box 46547 


and refer to C 


Java Programm er Analyst 
Provide technical computer suf 
port and user 
developing 
maintaining all web applica’ 
programs for all div 

Morley Companies, Inc 

tain existing webD applicatio 
and prepare program documen 
tation. Must have Bachelor's in 
Computer Science or related 
and knowledge of AS400 piat- 
form, Web Sphere Application 
Server, and HTTP server for 
IBM, EJB, Java, JSP, & 
Javascript Send resume 
Morley Companies, Inc., Attn 
Richard Mott, One Morley Plaza 
Saginaw, M! 48603 


assistance ir 


operating, and 
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manage 

nUserver envir 

m 5pm 
Respond by resume to 
Employment Programs, PO Box 
46547. Denver, CO 80202 and 
refer to CO5057368 





Intergraph Mapping & 
Geospatial Solutions seeks can- 
didates for Product Develop 
ment positions requiring the 
m of a BS in Math 
eering or a related techni. 
discipline and experience as 
ndicated. May have MS or PhD 


with less experience 


ftware Analysts with 3 
xperience in program- 
softw 


year 


Consultants with 6 
of programming/software 
experience 
r C/C++ 
yraphics or 


ng applications 


Support Engineers with 3 
years of software support/testing 
rience using C/C++, VB 

in Windows for GIS, com 
graphics or imaging pro- 


essing applications 


Jtilities & Communication posi 
Software Analysts with 3 
years of experience in program 
ming/software analysis including 
of experience with VB 

or VC++ for GIS, com- 

‘ graphics or imaging pro: 


plications n 


Application Engineers 
positions in AL and Bellevue 
ith 6 years experience 
testing, investigating and resolv 
ng issues associated with 
xyment of software solu- 

9 RDB in Windows. 

years of experience 


XML or HTML, VB 


1 Consultant with 6 
experience in design and 
3 projects 

ympanies using 


vB 
)D 


g Support 


years of experi 


an internationa’ 
luding email ampa 
web programming, web 
Jatabase design, devel 
and programming 


wust include 2 years 


B. Mosgrove 

Graphics Drive 

Madison, AL 357: specifying 

position applied for. IMGS is ar 

Affirmative Action/Equal Oppor 
tunity Empioyer/M/F/D/V 


Senior Oracle 
[er ve vey ts 
Administrator 


tive salaries 
ent Please forwa 

ver letter and resumes to: CSC, 
Attn: Human Resources, 400 
Commerce Drive M/S 1SB6, 
Newark, DE 19713 F rence job 
Je MV012704 ir ver letter 
E, M/F/D/V 


ree 
we 


IT|careers 


Emergys Corporation. We are a 
any specializing in ERP, E- 
Business. Client-Server and 
nternet Applications. Our corporate 
arters are located in Chapel 

ina with operations 

and Canada as well. We 

doking for top-notch consul 

s with extensive experience in 
and technology areas or a 


ation thereof 


+ SAP-SAP R/2 & R/3 Functional 
and Technical Consultants in: Fl 
CO, FI-TR, Fl-Planning, & HR, SD 
MM, PP, PP-PI, AM, PM & PS 
SAP-EDI, ALE 
low, BAP, APO, myS. 


Market ERP apr 


Financials - AR, AP. 
Forecasting, Movex 


er, Movex View Generator, 


ade & Logistics. 
‘ost Accounting, 

produ 

s, CRM, Product 


+ RDBMS--Oracie, Sybase 
nformix, MS- SQL Se 

* Tools & O/S -Designer 2! 
Developer 2000, Oracle Case. 
PL/SQL, SQL SQL*Loader 
SQL*Reports, SQL*Formsw 
SQL*DBA, Sybase SQL, Sybase 
DBA, T-SQL, DB-Lib, CT-Lib 
Poi der, UNIX, AIX, LINUX 
VR, Sur arc 

aris, Windows NT, SQR 

MQ Series 
+ Internet Applications--Visual 
Basic, Activ COM/DCOM, ASP, 
VB Script, Visual J++ 
Oracle Wet Visual Cafe. 
MFC, MTS, Jav Java 

5 JDBC, JFC 


Visual C++ 


e--ARIBA 
3 rceOne, MS 
le Server, IBM Net ¢ 


mino- Action, Merchar 


ments: Bachelor's 
degree ir 
Engineering 
Technology 
with 1 to 5 yrs. expe: 
Must be willing 
s throughout 
ipetitive salaries 
Please wr e-mail 
umes » Emergys 
Quadrangle 
Hill, NC 
408-3384 
ruit@emergys.con 
this ad reference 


in the subject 


ill-time Director, Customer 
pare: Direct and manage cus- 
tomer care services programs 
for software product sales within 
the Air Transport Industry 
Responsible for supporting the 
ustry and Passenger 
Solutions applications with all 
customer service issues, includ- 
ng service delivery, problem 
management, and service lev- 
els Drive customer service 
improvements through refining 
processes and procedures using 
Lotus Notes, Microsoft Outlook 
Smartsuite, MS Office, Corel 
Draw, UNIX, Windows 2000 
Windows NT, OS/2. Must have 
Bachelor's degree in Business 
or related field. Foreign 
g equivalent accepted 
Must have 6 years experience in 
job offered or position with same 
duties. Salary: $95,000. Send 
resume to Natasha Lyttle, Ref. # 
NCLOO2, SITA INC, 3100 
Cumberland Boulevard, Suite 
200, Atlanta, Georgia 30339. 


Full-time Programmer Analyst 
Must have a Bachelors Degree 
in Computer Science or related 
field. Foreign degree equivalent 
accepted. Educational or work 
background must have included 
the following skills: "Promising 
Related" Oracle Applications. 
Oracle Applications 111, SQL 
Report Writes, Unix, MSQI 
Oracle ERP applications includ- 
ing the following: OMS, APS 
(GATP/SCP), PL/SQL, C, Perl 
MQSeries and XML. Salary 
Competitive. Send resume to 
Robbin Lee, UPS SCS, 12380 
Morris Rd, Alpharetta, GA 
30005. Employer will not spon 
sor visas for this position 


JAVA ENGINEER Utilizing 
commodities market knowledge. 
develop object-oriented soft- 
ware using Java and Oracle 8.i 
RDBMS and Oracle Web 
Application Server for electronic 
commodity marketplaces. 
Design and write software spec 
ification for applications based 
on requirements and architec- 
ture specifications. Implement 
software modules to specifica- 
tion; create test plans and test 
software modules; develop tech- 
nical documentation detailing 
project design parameter; assist 
n developing user guides/manu 
als and training material 
Perform complex analysis of 
functiona requirements _ for 
automation of information pro- 
cessing; translate requirements 
for large projects, minor 
enhancements and bug fixes 
into technical design specifica 
tion Require Bachelor's 
degree in Computer Science. 
Information Systems, or closely 
related field, with 2 years of 
experience in the job offered or 
in Software/Network design and 
development; Prior experience 
must include 2 years in JAVA 
and UNIX programming. 8 am 
to 5 pm, M-F. Send resume to 
HR, Intercontinental Exchange. 
Inc. 2100 RiverEdge Parkway. 
Atlanta, GA 30328 - (No Phone 
Calls Please) 


Sr. Systems Analyst. Analyze 
user reqts, procedures, prob 
lems to automate processing or 
improve computer system 
Prepare charts and diagrams to 
detail operations performed by 
computer programs; Design 
analyze, plan develop, imple 
mentation, document of applica 
tions to convert Ormet business 
system functionality to Intranet 
Internet; design and maintain 
infrastructure to support applica- 
tions; Collect, analyze, report 
Statistics re: Ormet internet 
usage; Design, develop, main- 
tain, integrate legacy back-office 
ERP Systems. B. S. in Comp 
Sc, Elect Eng, or IS + 2 yrs exp 
in field. Exp. in systems analysis 
and design; case methodolo- 
gies; database and multiple piat- 
form connectivity; designing 
developing, maintaining and 
integrating legacy back-office 
ERP Systems such as JBA, and 
ProfitkKey and developing e- 
commerce appl w/ Microsoft 
NET, Visual Studio.NET, c#.NET 
VB.NET, C++, VC++, AS400 
SQL/400, IS, ASP, HTML 
DHML, VB Script, JavaScript 
UML, Visio, SQL Server 2000 
and Oracle Qi 40hr/wk 
$64,500/yr. Must have perm 
work auth to work in U.S. Send 
resume to: Ms. Nisley, Ormet 
Primary Aluminum Corp, PO 
Box 176, State Rte 7, Hannibal 
OH 43931 


Medical Imaging Software 
Engineer - Must have M.S. in 
Computer Science or 
Biomedical Engineering. To par- 
ticipate in the research and 
development work of the compa- 
ny's new 3D image display prod- 
uct: Computed Tomography 
Laser Breast Imaging System 
(CTLM). Will be responsible for 
creating an interface software 
which will integrate functions of 
scanner ntrol inal acquisi- 
tion, image reco uction, and 
patient database. Will have the 
additional responsibility of 
ensuring that all products are 
DICOM compatible, developing 
software for the Company's 
medical device product, devel- 
oping utility programs and tools 
to support other software engi- 
neers, and developing docu- 
mentation as per the Company's 
software development method- 
ology. Qualified candidates must 
send resumes to Imaging 
Diagnostic Systems, Inc, Trishia 
Firth, H.R. Manager, 6531 NW 
18th Court, Plantation, FL 
33313 


Laced acres eR eceyen 


Senior Programmer/Analyst to 
analyze, design develop 
implement and support applica- 
tion software in a client/server 
environment using JSP, 
Serviets, EJB, Web Services 
Cold Fusion and SQL Server 
under Windows and UNIX 
operating systems. Require 
B.S. degree in Computer 
Science/ Engineering, or a 
closely related field with 2 yrs of 
exp in the job offered or as a 
Programmer. Extensive travel 
on assignments to various 
client sites within the U.S. is 
required. Competitive salary 
offered. Apply by resume to 
Pishu Harjani, Focus Software. 

22 Perimeter Center East 
Ste 2205, Atlanta, GA 30346 
Attn: Job MS 


SOFTWARE ENGINEER to 
design, develop, implement and 
integrate web-based application 
software using Java, JSP, 
Serviets, JDBC, XML, XSL 
J2EE, MySQL and Struts on 
Windows and UNIX platforms 
Design test cases to measure 
application performance using 
Load Runner. Require: M.S 
degree in Computer Science, an 
Engineering discipline, or a 
closely reiated field with 2 yrs of 
exp in the job offered or as a 
Programmer/Analyst. Extensive 
travel on assignment to various 
client sites within the U.S. is 
required. Competitive salary 
offered. Apply by resume to 
Eduardo Santos Custom 
Software Solutions, Inc., 1002 
Williamson Lane, Sneliville, GA 
30078; Attn: Job AS 


bs Se 


WORLD’S 


BEST 


fF TOOL 


IS IN 
YOUR 


HANDS. 


THE 


WORLD’S 


BEST 


ll TALENT 


eo.) 


OURSITE. 


GALI 


(800) 762-2977 


OR 


eck us out at 


PROGRAMMERIANALYST _ to 
analyze, design, develop, imple- 
ment, and support internet/ 
intranet based application soft- 
ware using C, C++, Cold Fusion 
MS Access, Java, SQL Server 
Power Builder, Oracle, HTML 
ActivexControls, Visual Source 
Safe, and Java Script under 
Windows operating systems 
Require B.S degree _ in 
Computer Science, an Engin- 
eering discipline, or a closely 
related field with two years of 
experience in the job offered or 
as a Programmer. Extensive 
travel on assignments to various 
client sites within the U.S. is 
required. Competitive salary 
offered. Send resume to Pishu 
Harjani, Focus Software, Inc., 22 
Perimeter Center East, Suite 
2205, Atlanta, GA 30346; Attn 
Job SS 


Senior Engineer: Participate in 
all phases of System Life Cycle 
to dev auto & other appli in 
CAD/CAM/CAE/KBE. Prepare 
specs, sys analysis, design, dev 
construct KBE s/wr using |CAD 
Product, OO dev language 
based on Common LISP w/ OO 
IDL. Dev & test Production User 
Interface, integrate ICAD w 
other appl. Build generative 
models to capture design, engg 
manufacturing & other process- 
es used by engineers. Job loca- 
tion: Farmington Hill, Mi & at 
client sites. Bachelor's in ME 
CE, EE, Industrial or Electronics 
Engg, w/ 2 yrs exp in the job 
offered or as System Consul- 
tant. Degree may be equiv.40 
hrs/wk,8am-5pm.$83,388/yr.No 
OT. Employer Paid Ad. Send 
resumes to Reference #211445. 
P. O. Box 11170, Detroit, MI 
48202 


Programmer/Analyst: Analyze 
design, develop, test, imple- 
ment, modify and maintain cus- 
tomized software applications in 
a client/server environment 
using Oracle databases as well 
as SAS/IDMS/JCL May be 
used on multi- tier systems relat- 
ed to Internet/Intranev/E Comm- 
erce. Must have Bachelor's or 
equivalent in CS/Engineering: 
Math or related. Must have 2 
yrs exp. in job offered or 2 yrs 
exp. in software development 
using Oracle Databases. Must 
be willing to be assigned to 
unanticipated client sites 
throughout the United States 
Salary: $57,300.10/yr. Hrs 
8:00am-5:00pm, 40/wk. Please 
send 2 copies of resume to 
Case # 200202928, Labor 
Exchange Office, 19 Staniford 
St., 1st Fl., Boston, MA 02114 


; w.itcareers.com 
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Engineer Implementation 
Engineer- Design, implement 
troubleshoot & test voice record- 
ing systems at client sites 
Integrate system into client's 
systems. Participate in develop- 
ing implementation plans, site 
surveys & technology assess- 
ments. Provide feedback to 
R&D department. Req'd: Bach 
Deg. in Electronic or Electrical 
Eng'g, Syrs. exp. in the job 
offered, or in a computer 
telecomm. integration occup 
Must have exp. with CTI 
LAN/WAN, CRM, SQL, & 
Windows platforms. Must be 
willing to travel at least 80% of 
the time (can be based in any 
location) Resume to: NICE 
Systems, Inc. 301 Rte. 17 N 
10th Fl., Rutherford, NJ 07070 
Attn: G. Farese 


Computer 
Java Architect 


to work W/ C,C++, Java 
XML, SOAP, RMI, J2EE 
CORBA, JNI, Tomcat, Ant 
Struts, Rational Rose, Siebel 
CRM-Call Center, NAS, ERP, 
AS/RS, Oracle, Windows 
Solaris, HP-UX, Linux. Must 
have BS in CS or related field 
+6 yrs relevant exp. Resume 
to Recruit3@artizen.com 
Artizen, Inc. San Carlos, CA 


Looking For 
A 
New Career? 


The new 
itcareers.com 
and 
CareersJournal.com 
combined jobs 
database can help 


you find one. 
Check us out at: 
www.itcareers.com 
or call: 


800) 762-2977 


IT|careers.com 


Programmer Analyst various 
locations throughout the U.S 
Analyze science, engineering 
business and all other data pro- 
cessing problems for application 
to electronic data processing 
systems. Analyze user require- 
ments, procedures and prob- 
lems to automate or improve 
existing systems and review 
computer system capabilities. 
workflow and scheduling limita- 
tions. Must have Bachelor's in 
engineering or computer sci- 
ence and 2 yrs exp as comp pro- 
fessional. 2 yrs exp must include 
1 yr exp w/DB2, Unix, NT, 
Peoplesoft Financials 7.5/8.3 
SQR, Oracle, Sybase, Windows 
NT, Peoplesoft HRMS 8.4 and 
PeopleCode. Must have experi- 
ence wideveloping and testing 
programs, preparing reports 
and performing database analy- 
sis. Position is 40 hrs/wk from 8- 
5 wiyrly wage of $70,000 
Submit resume to Manager 
Butler County CareerLink 
Pullman Commerce Center, 112 
Hollywood Dr. Ste 101, Bulter 
PA 16001-5699. Reference job 
order #WEB362393 


Principal Software Engineer - 
Westford, MA. Develop traffic 
management software for real- 
time multi-service telecommuni- 
cations switches, including both 
system software (protocol and 
call processors) and device dri 
vers. Perform extensive soft- 
ware engineering, including test- 
ing, redesign, and assembly- 
level debugging to make the 
microprocessor- and microcon- 
troller-based telecommunica- 
tions products as fast, efficient 
and reliable as_ possible 
Requires a Master's degree in 
Comp Sci, Elec Eng, or related 
field, and 1 year of exp in job 
offered or 1 year of exp as 
Software Engineer or related 
occupation. The 1 year of exp 
must include software engineer- 
ing of real-time telecommunica- 
tions switches, including sys- 
tems software and device dri- 
vers. 40 hrs/wk, 9:00 am - 5:00 
pm, Salary: $95,000 /year. 
Please send two (2) resumes to 
Case# 200203148 Labor 
Exchange Office, 19 Staniford 
Street, 1st floor, Boston, MA 
02114 


SOFTWARE ENGINEER to 
design and develop business 
computer software for manufac- 
turing, distribution and EDI 
applications using ILE 
RPG/RPG IV, CLP. SQL/400 
EDI (Gentran & Premenos), MS 
Project, MS Word, PowerPoint 
and Visio on AS/400 and 
Windows NT platforms. Require: 
Bachelor's degree in Computer 
Science/Info Systems, Business 
Admin, or a closely related field 
with 5 yrs of exp in the job 
Offered or as a Programmer, 
Analyst; Experience gained 
before or after earning the 
Bachelor's degree will be 
accepted. Extensive travel on 
assignment to various client 
sites within the U.S. is required 
Competitive salary offered 
Send resume to: Sherry Lucki 
ABT Solutions, 8529 South Park 
Circle, Ste 260, Orlando, FL 
32819; Attn: Job LP. 


Software Engineer responsible 
for support of PeopleSoft HRMS 
& Financials involving functional 
analysis, design and customiza- 
tion of the application. Exp- 
erience in People Code, People 
Tools, SQR, Crystal Reports. 
Work Flow, PeopleSoft Internet 
Architecture is required.Require 
BS Degree in _ Science. 
Engineering or a closely related 
field with 2 years of progres- 
sively responsible experience in 
the Job offered or in the related 
occupation of Programmer 
Analyst. Extensive travel on 
assignments to various client 
sites within the US is required 
Competitive salary offered 
Apply by resume to Ravi 
Kandimalla, Everest Computers 
Inc., 900 Old Roswell Lakes 
Parkway, Suite 300, Roswell 
GA 30076; Attn: JobMK 


Req'd Computer Software 
Developer Deiphi Progra- 
programs and 
applications for microcomputers 
and LAN stations: Design data- 
base man ment systems and 
environment for MSDOS 

Windows '95 operating systems 


mmer): Devel 


utilizing various software appli- 
ations written n either 
DATAFLEX C ¢ Delphi 
Engage in nt ver applica 
tions and SQL Database set up 
and design; Prepare functional 
specifications and design soft 
ware programs and modifica- 
tions based upon t needs: 
build detailed specifications and 
programs for scientific engineer 
Mg and/or business applica- 
tions; Test units and computer 
software systems and conduct 
end user training prc grams. 
Must have elor's degree o 
equ Electronic Cones 
unications and three (3) years 
experience in such occupations 
as Sr. Programmer, Software 
Applications Engineer/Deve 
loper/Designer/Programmer, Sr. 
Software Developer/Engineer. 
Software Development Mana- 
ger, Programmer/Analyst, MIS 
Engineer or IP Engineer. Edu- 
cational credentials as deter- 
mined by an accredited 
Credentials Evaluator. 40hrs/wk 
@ $62,718.24 per year. Must 
have proof of legal authority to 
work in the U.S. Send resume 
to PO Box 11170 Detroit 
Michigan 48202 Reference 
NO.: 211076 EMPLOYER PAID 
AD 


UNIX SYSTEM ADMINISTRA- 
TOR: Maintaining and adminis- 
tering critical Solaris and AIX 
Unix Servers. Work with a sup- 
port team arid provide 7x24 
coverage for the TOS Unix 
Infrastructure. Provide techni- 
cal guidance and implementing 
Innovative solutions to enhance 
reliability, availability and perfor- 
mance of production systems 
40 hours per week. $56,000, 
year. 8:00 a.m. to 5:00 p.m 
Bachelor's degree or equivalent 
in Computer Science 
Engineering. Equivalent werk 
experience or a combination of 
work experience/Education 
would be accepted in lieu of a 
bachelor's degree. Five years of 
experience in job offered or five 
years of experience in related 
occupation of Unix/Solarix/AIX 
systems administration. Must 
have proof of legal authority to 
work in the United States 
Send your resume to: South 
Dakota One- D Career 
Center, 811 E. 10th Streei, 
Sioux Falls, SD 57103-16500. 
T:605-367-5300 F:605-367- 
5308. Please refer to Job Order 
#SD1237205 


SENIOR SYSTEMS ADMINIS- 
TRATOR to administer, monitor 
and configure SUN Solaris. 
Windows, Linux and Web 
Servers in large LAN/WAN envi- 
ronment; Develop and trou- 
bleshoot DNS Servers and 
Proxy Servers; Configure Cisco 
routers, Cisco switches and 
Cisco PIX firewall; Develop pro- 
duction work plans for J2EE 
applications; Develop Shelli 
Scripts to automate jobs arid 
install system utilities. Require 
Bachelor's degree (or equiva- 
lent) in Computer Science 
closely related field with 2 yrs o 
exp in the job offered; E 3y 
of progressively responsible 
work exp in the field will be con- 
sidered equivaient to 1 yr of col- 
lege education. Extensive travel 
on assignment to various client 
sites within the U.S. is required 
Competitive salary offered 
Apply by resume to: Vishy 
Dasari, Objectnet Technologies. 
Inc., 1117 Perimeter Center 
West #E104, Atlanta, GA 
30338; Attn: Job VS 
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Meet Face-To-Face With Leading Employers At The... 
RS I F Y¥ 


CAREER Fa FAIR 


WASHINGTON, DC 


Tues., OctoBer 21 
McLean HILTON Hore 


7920 
JeU 


GREENBELT, MD 


Tuurs., Octoser 23 
oe Crosswinps 


Exhibit Hours for Both Events: 11:30am - 4:30pm ¢ Free Admission 
Employers - To exhibit, please call Gloriann Clark at 310-309-4409 


SYSTEMS ADMINISTRATOR 
Design, implementation, config- 
uration and maintenance of 
Solaris 8.0 On Sun Enterprise 
Server environment using differ- 
ent tools such as Veritas 
Volume Manager. Veritas 
Netbackup, Legato Networker. 
Implementation of TCP/IP net- 
works in clienUVserver environ- 
ment Viz (NIS, SNS, NFS and 
Automounters) coordination 
with database administrators 
and heip desk support team to 
provide support for day-to-day 
remedy ticketing systems, user 
maintenance, problem solving 
documenting, and streamlining 
procedures. 40 hours/week 
8:00 a.m.to 5:00 p.m 
$52,000/year.Bachelor's degree 
or equivalent in Computer 
Science/Engineering. Five years 
of experience in job offered r 
related occupation. Must have 
proof of legal authority to 
work in the United States. Send 
your resume to the lowa 
Workforce Center, 590 lowa 
treetDubuque 1A 52004 
0757. Please refer to Job Order 
#1A1101794. Employer paid 
advertisement 


Technical Consultant: Parti- 
cipate in analysis, design, devel- 
opment (coding), testing& imple- 
mentation of eCommerce & 
eBusiness solution. Use Siebe! 
C, C++, Corba, Java. Ensure 
customers success. Require 
travel throughout U.S. Send 
resume to Envisage Solutions 
18300 Von Karman Ave., Suite 
20, Irvine 


CA 92612 


PROGRAMMER ANALYST 


Must have two years exp 
Job Offered. Plans, dev 
ss & documents 
programs, applying 
of programmi 
computer systems. 
user request for new o 
programs to determine feasibili 
ty, cost & time required, compat- 
bility with current system, & 
computer capabilit dentifies 
current operating procedures & 
ciarifies ts bjectives & 
nverts pro 


structions for ¢ 
anguage processable by 
computer. Analyzes, reviews & 
alters program to increase oper 
ating efficiency or to adapt to 
newer requirements. Bachelor's 
quivalent in 
Electronics 
En gineeri ing, Comp 
or closely allied 


Manager. 
Service 


Programmer Analysts fi 
NJ & elsewhere 
east 2 yr: 
nix, Lotus Notes 

DB2 Sybase 
MineShare & Geneva. Some 
positions req Bach or Masters 
Must have legal auth to work in 
US. Excellent pay & benefits. 
Email resume w/proof of work 
status to. 
ashok@01voicebits.net 


October 13, 2003 


t enhancements t 
processor software 


j-to-end 
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degree 
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) pm, Salary 
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Bachelors/Equivalent 
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Resume to k Petals 


Distributing, Inc., 320 Brannon 


Rd., Cumming, GA 30041 
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NEWS 


IBM Releases Distributed File 
System for Multivendor SANs 


Virtualization software plays key role; 
support limited to IBM arrays for now 





BY LUCAS MEARIAN 
BM TODAY PLANS to re- 
lease a distributed file- 
system technology that it 
said will provide storage 
management capabilities 
across storage-area networks 
(SAN) with disk arrays and 
servers from multiple vendors. 

The TotalStorage SAN File 
System offering is based on 
IBM’s Storage Tank virtualiza 
tion software, and it works by 
creating a file-sharing proto- 
col that lets servers use a dis- 
tributed storage network as if 
it were a local file system. 

“In theory, all the big ser- 
vers in a SAN will be able to 
concurrently access the same 
data,” said Steve Duplessie, an 
analyst at The Enterprise Stor- 
age Group Inc. in Milford, 
Mass. 

But for now, the SAN File 
System supports only IBM’s 
own Enterprise Storage Server 
disk arrays plus servers run- 
ning its AIX operating system 
and Windows 2000. IBM is 
trying to convince other ven- 
dors to link their storage de- 
vices to the technology under 


SAN File System 
™ Software agents are installed 
on file servers to make them 
look like a local file system to 
application servers. 


SPS GRAPE He Oe OOD RET ee RE ES 


= Metadata appliances based 
on IBM's xSeries servers keep 
track of information such as the 
physical location of data. 


= Pricing starts at $90,000 
for a configuration with two 
dual-CPU metadata servers. Ad- 
ditional servers cost $16,000. 


a plan announced last spring. 
IBM also plans to release 

versions of the SAN File Sys 
tem bundled with Linux-based 
versions of its xSeries servers 
| “shortly,” said Jai Menon, its 

| chief technologist for storage 
systems architecture and de- 
sign. In the spring, IBM had 
said those bundles would be 


Continued from page I 
RFID Tags 


the Pentagon plans to use 


oped by EPCglobal Inc., a joint 
venture between Uniform 
Code Council Inc. in Law- 
renceville, N.J., and EAN Inter- 
national in Brussels. 

EPCglobal, which previous- 
ly was called AutoID Inc., re- 
leased the technical specifica- 
tions for an RFID-based EPC 
network and supporting tech- 
nology last month. 

The Defense Department’s 
timetable for starting to use 
RFID technology is ambitious, 
Estevez acknowledged. None- 
theless, military officials be- 
lieve that suppliers will be 
able to meet the rapid rollout 
schedule, he said. 

But Kara Romanow, an ana- 
lyst at AMR Research Inc. in 
Boston who cited both soft- 
ware and hardware impedi- 
ments, said the early 2005 
deadlines imposed by the Pen- 
tagon and Wal-Mart are highly 
impractical. For example, she 
said, RFID tags currently have 
a 20% failure rate and can’t 
stand up to the kind of envi- 
ronmental extremes that mili- 
tary units face. 





electronic product code (EPC) 
standards that are being devel- | 


ready to ship in December. 
Keith Stevens, a systems ad- 
ministrator at Johns Hopkins 
University’s Center for Car- 
diovascular Bioinformatics 
and Modeling in Baltimore, 
said he’s waiting for the Linux 
versions to become available. 
Stevens currently uses the 
Network File System (NFS) 
protocol to share data among 
Windows, Linux and AIX 
servers that are used to crunch 
data for cardiac research. But 


he said NFS is too slow. 

In addition to Storage Tank, 
the SAN File System includes 
metadata servers and software 
agents that are installed on 
each file server on a SAN (see 
box). The metadata servers 
keep track of information such 
as the physical location of 
data, file sizes and end-user 
access permissions. 

Francois Fluckiger, deputy 
head of the OpenLab project 
at CERN, a nuclear research 


How RFID Works 


= Passive RFID devices useembedded_ : 
antennas with a range of up to 10 ft. : 
to let data be “read” by low-powered ra- 
dio transmitters 


@ Active tags have built-in minitrans- 
mitters and store data that can be read 
at distances of 300 to 400 ft. 


@ Passive tags can store 128 bytes 
of data, and active ones can handle 
128KB. By comparison, bar 

codes have a 1.1-byte capacity. 


The cost of the de- 
vices is another hur- 
dle. Passive RFID tags 
typically sell for up to 50 cents 
each. Bentonville, Ark.-based 
Wal-Mart wants to see that 
lowered to 5 cents per tag. Es- 
tevez said the Defense Depart- | 
ment is looking for “the lowest | 
possible price,” but he didn’t 
disclose any cost targets. 


Active Interest 

In addition to requiring sup- 
pliers to use passive RFID tags 
on pallets and cases, the Pen- 
tagon has instituted a formal 
policy to put active RFID tags 
on all of the 20- and 40-ft. 
shipping containers used by 
the military. Estevez said. That 
has been done on an ad hoc 





: MRFID systems can read tags on 


cases that are stacked on top of 


: one another, without requiring a direct 
: line of sight. 


: ® In addition to shipping applications 
: RFID tags can be used to track bag- 
: gage and can be sewn into gar- 

: ments for inventory con- 

: trol purposes. 


An RFID tag 
with antenna 


basis until now, primarily 

by the U.S. Army. 

Active RFID tags offer more 
capabilities than their passive 
counterparts but cost much 
more. RFID proponents claim 
that both kinds of tags can 
store more detailed informa- 
tion about products and mate- 
rials than conventional bar 
codes (see box). 

Wynne, in his policy memo, 
said the military plans to use 
RFID technology to “improve 
our business functions and fa- 
cilitate all aspects of the De- 
fense supply chain.” It also ex- 
pects improvements in “data 
quality management, asset vis- 
ibility and maintenance of ma- 
teriel,” he added. 
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laboratory in Geneva, is test- 
ing the SAN File System with 
some of his servers. CERN 
plans to give researchers on- 
line access to huge amounts of 
data from an atomic accelera- 
tor that smashes nuclear parti- 
cles together. In order to do 
that, it needs a distributed file 
system, Fluckiger said. 

“The storage issue is one of 
most stringent requirements 
of all,” he noted. “We're plan- 
ning on storing 15 petabytes of 


data per year.” @ 42013 


RIVALS PLAN TIES 


IBM and EMC have 

for exchanging storage 
QuickLink 42022 
www.computerworld.com 


d on a framework 


But many suppliers will 
have to make massive IT in- 
vestments to support RFID, 
with little in the way of tangi- 
ble returns “aside from meet- 
ing the mandate,” said Mike 
Liard, an analyst at Venture 
Development Corp. in Natick, 
Mass. The cost of RFID read- 
ers and systems could run as 
high as $100,000 in a single 
warehouse, Liard said. 

Larry Kellam, director of 
supply network innovation at 
Procter & Gamble Co., said 
that at 5 cents per tag, it would 
cost the Cincinnati-based con- 
sumer goods maker about $110 
million to put RFID devices on 
all of the 2.2 billion cases and 
pallets it ships annually. 

But the data produced by 
RFID technology could offer 
a big payback in the form of 
better inventory management, 
Kellam said. If done right, 
RFID should help ensure that 
products are available on store 
shelves while also lowering 
warehousing costs, he added. 

P&G is one of the top 100 
suppliers to both Wal-Mart 
and the DOD. Romanow esti- 
mated that P&G and the other 
99 companies that Wal-Mart is 
working with will have to 
spend a total of $2 billion by 
the end of next year to meet 


its RFID mandate. @ 42033 
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FRANK HAYES # FRANKLY SPEAKING 


ack-seat Drivers 


HAT’S DRIVING IT at your company these days? 
We all know the politically correct answer: IT 
should be driven by business needs and opportu- 
nities. We also know the realities that are as old 
as IT itself: IT is also driven by politics, fads, per- 
sonal preferences and the ability of some darn friendly sales guys to 


close some darn friendly deals. 


But it doesn’t end there. Today there are lots of other people grab- 
bing for your steering wheel. They want to drive IT too. 


For example, last week Microsoft announced 
that it’s making changes to the way Internet Ex- 
plorer handles Web site content that depends 
on browser plug-ins — which includes Java, 
Macromedia Flash and ActiveX content. If you 
use that kind of content and don’t make the 
changes Microsoft specifies, your content won’t 
always display the way you designed it to. 

Microsoft isn’t grabbing the wheel merely to 
show that it can; the company just lost a half- 
billion-dollar patent-infringement lawsuit relat- 
ed to those plug-ins. So Eolas Technologies and 
the University of California, which control that 
patent, are doing some of the driving too. 

Microsoft was awarded a patent of its own 
last week — this one having to do with how 
instant messaging programs notify users of ac- 
tivity. The patent may also apply to other in- 
stant messaging programs, such as the ones 
from America Online and Yahoo. If those ven- 
dors decide to make changes, and you’ve built 
applications that depend on the way they were, 
you might find yourself with still more hands 
on the wheel. 

It’s not just patents driving those changes, 
either. Two years ago, Microsoft and Sun Micro- 
systems settled part of their running legal battle 
over Java, and Microsoft agreed that 
it would stop all Java support at the 
beginning of 2004. Last week the 
two companies agreed that Micro- 
soft will keep doing security up- 
dates on its Java implementation 
through next September, giving cus- 
tomers more time to migrate away 
from it — and for now, a little more 
flexibility in their steering. 

And last month, VeriSign, which 
controls the domain name databas- 
es that let computers find one an- 
other over the Internet, forced some 
companies to scramble when it uni- 





FRANK HAYES, Computer- 
world’s senior news colum- 
nist, has covered IT for more 
than 20 years. Contact him at 


laterally changed the way the system works, 
breaking some applications. VeriSign has tem- 
porarily stopped what it was doing but is mak- 
ing no promises about how long the respite will 
last before it grabs the wheel again. 

And those are just the pure-technology 
drivers. There’s also a long history of cus- 
tomers forcing technology changes on their 
suppliers. (Remember EDI?) 

Last week that process started again, when 
the Defense Department announced plans to 
require all suppliers to use radio frequency 
identification tags on everything sold to the 
military by 2005. Wal-Mart and other compa- 
nies are experimenting with RFID technology 
too, which means you may soon be turning in 
that direction whether you want to or not. 

And that’s only about a week’s worth of extra 
IT drivers. They’ll keep piling up — drivers that 
aren’t aimed at using IT for efficiency or inno- 
vation, but just one thing after another that 
you'll have to make decisions about and maybe 
spend money on, regardless of whether they 
benefit your business. 

You can’t afford to let them get control of 
where your IT work is going. Yes, it’s important 
not to lose track of these extra drivers. Keep 
scanning the news for them. Follow 
the ones that might affect your 
projects. Make contingency plans. 
Stay prepared. 

But don’t let them pull you off 
course. The demand for IT to stay 
sharply focused on business needs 
and opportunities will only in- 
crease in the months ahead. Plan 
for those unexpected hands on the 
wheel, but keep a firm grip on it 
yourself. 

That’s the only way to make sure 
business stays in the IT driver’s 


seat. @ 41989 
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Can't Argue With That 


Pilot fish's team takes over responsibility for this 

5 million-document data warehouse fed by eight dif- 
ferent systems. The team's first enhancement: adding 
a data integrity checker. “It did its job and pointed out 
a big problem with one of the feeding systems,” fish 
says. “When we met with that system's manager to 
discuss the issue, her retort was, ‘Well, we didn’t have 
this issue until you started running your data integrity 
checker!’ ” 


noticed this, 
and when my 


Ahal 

its 1983, and += SHARK 
wife trans- 
ferred out of 


can toureot TANK. 
the depart- 


can't figure out 

why software up- 

dates for factory-floor =: ment, | heard him say 
equipment are always _: that he wanted her mon- 
corrupted. So fish tags _: itor - though everyone in 
along to watch the union : the department had the 
electrician install the : Same type of monitor.” 


comes to the security | It Must Be Monday 
sign-in log, he needs —_ After a long weekend 
both handstoholdthe : 
log book and sign in,” 
fish says. “So he takes 
the big floppy disk, : 
briskly folds it in half and 
stuffs it into his back i 
pocket, and signs in.” 


Details, Details 
Tech asks pilotfishto 
check a switch box that: 
connects asingle key- 
board and monitor to 
two PCs. “He switches 
from one CPU to the oth- : 
er, alternating between: 
a sign-on and a black 
screen,” says fish, who 
surveys the setup fora: 
“It works better ifboth 
systems are turned on.” : Ctri-P to print each doc- 

: ument and closed it,” 
But Hers Is Better : says fish. “I told him he 
in the days of DOS, this: was overloading the 
pilot fish notices that his : print queue and not to 
wife’s PC at work has a_: print so many documents 
color monitor. “I experi-_: at once. He thought it 
command and got her —_ ever that he was too fast 
DOS prompt changed to : for his computer, and he 
a colorful combination,” { put in a request for a 

? faster one.” 


FEED THE SHARK! Send your true tales of IT life to 

sharky@computerworld.com. You snag a snazzy 
Shark shirt if we use it. And check out the daily feed, browse 
the Sharkives and sign up for Shark Tank home delivery at 
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Deliver tailored, 
mission-critical 
business intelligence. 


With decision authority distributed across business units, how 
can you quickly provide each one with precise and reliable 
intelligence? And ensure that all decisions are aligned with 
strategic goals? SAS* software brings you an integrated archi- 
tecture—complete with targeted interfaces — that allows different 
users to tailor information access, analysis and reporting to fit 
their skills and requirements. This centralized approach lets 
you share cleansed and relevant data from throughout your 
enterprise, while retaining control over data consistency and 
quality. Put 27 years of SAS technology leadership to work for 
you. Call toll free 1 866 270 5728. Or visit our Web site for a 


free white paper and interactive tour. 
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